
OWASP Zap Overview

OWASP Zap is the #6 ranked solution in AST tools. PeerSpot users give OWASP Zap an average rating of 8 out of 10. OWASP Zap is most commonly compared to PortSwigger Burp Suite Professional. OWASP Zap is popular among the large enterprise segment, accounting for 55% of users researching this solution on PeerSpot. The top industry researching this solution is the computer software industry, whose professionals account for 28% of all views.
What is OWASP Zap?

OWASP ZAP (Zed Attack Proxy) is a free, open-source web application security scanner that enables software developers and testers to perform penetration testing on their applications to discover vulnerabilities and prevent hostile attacks. To date, it is one of the most searched Open Web Application Security Project (OWASP) projects, and an international group of volunteers is maintaining it. This tool is both flexible and extensible and is intended to be used by users who are new to application security as well as expert testers. For the users' convenience, OWASP ZAP has versions for each major OS and Docker platform so as not to rely on any single OS.

OWASP ZAP focuses on being the “middle man proxy,” as it is positioned between the user’s browser and the web application. In doing so, it will intercept and examine messages that are sent between a browser and a web application. If needed, it will adjust the contents and pass those packets on to their destination. As is the case in many corporate settings, if there is already another network proxy in use, ZAP can be configured to join that proxy. A variety of add-ons for further functionality is available on ZAP Marketplace.

OWASP ZAP offers a range of security automation options, including:

  • Docker Packaged Scans: A ZAP automation scanner that provides a lot of flexibility and makes it easy for the user to get started with the tool.

  • Quick Start Command Line: A rapid and straightforward scanner that is suitable for a quick scan.

  • API and Daemon Mode: Through a comprehensive API, this mode gives the user complete control over ZAP.

  • Automation Framework: A state-of-the-art framework that is not tied to any current container technology. This framework will, in time, take over the Command Line and the Package Scan options.

  • GitHub Actions: The ability to use any associated and available GitHub package scan.

Benefits of OWASP ZAP

Some of OWASP ZAP’s benefits include:

  • The ability to run an automated scan. Once set up, ZAP will deploy two spiders to crawl the web application and subsequently scan each page it finds.

  • It interprets your results and sends an automated alert. After scanning the web application, all requests and responses sent to each page are recorded. If there is a potential problem, an alert is created and sent to the user.

  • An intuitive and innovative interface. The Heads Up Display (HUD) is a new feature that provides capabilities right in the browser. It is great for people new to web security and experienced testers alike.

Reviews from Real Users

OWASP ZAP stands out among its competitors for a number of reasons. Among them are the solution’s automatic scanning feature, its ease of use, its ability to report vulnerabilities, and its being a free open-source solution.

PeerSpot user Piyush S., Technical Specialist (DevOps), notes that "Automatic scanning is a valuable feature and very easy to use. The initial setup is straightforward. The solution is free due to the fact that it is open-source. The product has a strong community surrounding it to help with issues and troubleshooting. The stability of the solution is very good."

Raj K., Business Analyst at Experion Technologies, notes, “The valuable features are that it's very simple to use and the user interface is very good, particularly for beginners so they can start the application easily. It's enough to refer to an online tutorial to be able to start using this application. It's not very complex.”

Balaji S., Assistant Vice President at Hexaware Technologies Limited, writes, “The solution is good at reporting the vulnerabilities of the application. It can help us with security, SQL injection vulnerability, known vulnerabilities, et cetera. Any kind of a threat that we get in the development cycle, is what we will look for. This solution helps us find them.”

Many users like how the solution has improved over the years. As Alan G., CEO at Virtual Security International, notes, "It has evolved over the years, and recently in the last year they have added HUD (Heads Up Display)."

OWASP Zap Buyer's Guide

Download the OWASP Zap Buyer's Guide including reviews and more. Updated: May 2022


OWASP Zap Pricing Advice

What users are saying about OWASP Zap pricing:
  • "We have used the freeware version. I believe Zap only has freeware."
  • "This is an open-source solution and can be used free of charge."
OWASP Zap Reviews

    Balaji Senthiappan - PeerSpot reviewer
    Assistant Vice President at Hexaware Technologies Limited
    Real User
    Top 20
    Great at reporting vulnerabilities, helps with security, and reveals development threats well
    Pros and Cons
    • "The solution is good at reporting the vulnerabilities of the application."
    • "It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."

    What is our primary use case?

    Currently, we build our products for the banking industry and use this solution in that process. From a development cycle, we update the SQL injections that basically shows what a developer may have to address. Then, if there is still a problem, we're concerned at the architect level. That's at least initially reported by the customers when they do another round of review after we deliver our code. 

    What is most valuable?

    The solution is good at reporting the vulnerabilities of the application.  It can help us with security, SQL injection vulnerability, known vulnerabilities, et cetera. Any kind of a threat that we get in the development cycle, is what we will look for. This solution helps us find them.

    What needs improvement?

    I can't recall any features that are lacking. In my role as a service provider, I only go up to standards defined by somebody else. So far, this solution has met their standards. So far I've not come across a scenario where we had to do anything that's a major rework due to the fact that we didn't catch something soon enough in the queries that we are using. It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful. Right now, I can't give it off to a team and expect them to give me a report that I'm happy with. I will give it to a team and they will have to have another person sit with them to make sure they have configured it right. Some kind of pre-designed templates, pre-designed guidelines, or patterns to complement the tool would go a long way in helping us use the solution.

    For how long have I used the solution?

    I've been using the solution for five or six years at this point.

    What do I think about the stability of the solution?

    From the perspective of the development cycle that we use, we find it stable enough. I don't use it in production or I don't have to update sites running all the time. Once a week when I will build a VM pack, I push into another environment, and that's probably the time I would make it. For me, I find it to be stable enough.

    How are customer service and support?

    I haven't really used technical support. Therefore, I can't really speak to their level of responsiveness or knowledgeability.

    Which solution did I use previously and why did I switch?

    I'm not a security specialist, however, to be clear, we provide services. On a development project, we frequently run into various solutions. It's not just OWASP. It could be Veracode, for example, or multiple other tools. 

    How was the initial setup?

    The initial setup is not necessarily straightforward. Most are complex. You need a senior person to specialize, understand the set up in which they are running, and understand the tools they are going to use. You need to ask: do they know what to look for and support? I wouldn't say it's complex to use. That said, normally the resources are costly.

    What's my experience with pricing, setup cost, and licensing?

    In security, you'd expect the product is priced at a premium, so people don't check the pricing for the most part. In my case, I don't buy the product myself. I have the customers buy it for me. I'm not very worried about the price as a consultant.

    What other advice do I have?

    We are an IT service provider, which means that we use a variety of tools based on what our customer preferences are.  There's all, at most, I would say, about 20 companies that we would have the funds to use the solution with. OWASP is definitely in the top three as a tool that we would probably recommend to our team, as a frequent users' tool, however, I don't believe we have any kind of a formal relationship with the company.  Multiple teams use it. I have not heard of anybody complaining about anything to do with this particular solution. I would say it's pretty good. I would give it a rating of eight out of ten.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Alan Gallagher - PeerSpot reviewer
    CEO at Virtual Security International
    Real User
    Top 20
    Open-source, easy to install, feature-rich, with good heads-up display and community resources
    Pros and Cons
    • "It has evolved over the years and recently in the last year they have added HUD (Heads Up Display)."
    • "The forced browse has been incorporated into the program and it is resource-intensive."

    What is our primary use case?

    I use this solution for penetration tests.

    What is most valuable?

    It has evolved over the years and recently in the last year they have added HUD (Heads Up Display).

    It comes up in your browser and you have control of the program while you are on the website, in your browser. Everything that you can do in the program, you can do from your browser on the fly. It is similar to a targeted attack. You can see what you are doing.

    It's a Java program installed on your computer.

    What needs improvement?

    The forced browse has been incorporated into the program and it is resource-intensive.

    It was a copied program named DirBuster. It needs to be improved; it's too resource-hungry.

    I found another program that is written in the Go language and it does the same thing, but it is much faster and more efficient. It will crash those proxy programs within Zap if you do more than one, it will take forever.

    It needs to be rewritten, maybe not in Java.

    For how long have I used the solution?

    I have used OWASP quite a bit. I have dealt with this solution for quite a few years. My usage has not been constant, but it has been quite a while.

    We are dealing with the most recent version.

    What do I think about the stability of the solution?

    It creates a database of all the URLs and it can get a little overwhelming. 

    With a large website, you have a lot of URLs, it gets a bit sluggish when loading and saving it, but it really works quite well. It goes in and out of it and goes too slow. It takes a little while to save all of that data.

    What do I think about the scalability of the solution?

    It's a scalable product but it's slow.

    How are customer service and technical support?

    I have not contacted technical support.

    It has a very good forum on the website. The users help each other. It's helpful and resourceful.

    Which solution did I use previously and why did I switch?

    I have used several solutions, such as Nessus, WebInspect, and Retina. Retina is a network scanner, but OWASP is the best.

    How was the initial setup?

    It's quick to set up. You can install it in different ways. I run it on Linux, Debian and I have run it on Windows as well.

    What's my experience with pricing, setup cost, and licensing?

    OWASP Zap is free.

    Which other solutions did I evaluate?

    I was making a comparison between OWASP and Acunetix to see what the differences were.

    What other advice do I have?

    I used to work with Homeland Security back 10, 15 years ago, in the national cybersecurity division starting up right after 9/11.

    I was on that national cybersecurity team. One of the things they looked into was funding using government money to fund some of these security operations or projects. They decided, and I helped decide, that it would be right for the government to support open-source systems or products because they're not making money out of that market.

    One of the people in the government got involved and helped to get it started. I don't know if they still have a list on their website of donors or contributors, but you can look on that list pretty easily and see if Homeland Security is still supporting them.

    I assume it is because it's really well run. It's constantly evolving, with new versions coming out with new features. It's very well managed and the lead person on it is very sharp. You can go on YouTube and search for a proxy and you will see some deep-dive tutorials. He did a really good job.

    There is a lot to this solution. You can use it superficially, but you need to spend a lot of time learning it. It has a lot of options and a lot of angles.

    I would rate OWASP Zap a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Piyush Sharma - PeerSpot reviewer
    Technical Specialist (DevOps) at a tech services company with 1,001-5,000 employees
    Real User
    Top 20
    Provides good automatic scanning and privacy; reporting could be improved
    Pros and Cons
    • "Automatic scanning is a valuable feature and very easy to use."
    • "Reporting format has no output, is cluttered and very long."

    What is our primary use case?

    We are using this product at a very basic level to scan reports and then share them with the Dev team for any vulnerabilities. We use the open source version and we are end users. 

    How has it helped my organization?

    The solution has improved company functioning to a certain extent, but it takes a lot of time coordinating with the Dev team because we are using the open source version and not the enterprise version. It's not an awesome solution but we do get the reports we need and there is a good amount of documentation and support. 

    What is most valuable?

    The automatic scanning is a valuable feature and very easy. The major advantage to this solution is the privacy it offers. We are able to achieve our objectives to some extent, but only for non-business critical applications.

    What needs improvement?

    The reporting format could be improved. There is no output, it's cluttered and it's a very, very long report. It would be better if it were in PDF format with a short description, some findings, color coding, and easy to read. What we do now is analyze the HTML report and then rewrite our own shorter reports. I work for a Japanese company and they want the important information to show up. The reports do not really give us recommendations or the points where the vulnerability is coming from so I'd really like to see an improvement in the condition of reports. We should be able to call an API from somewhere and scan applications.

    For how long have I used the solution?

    I've been using this solution for about one year. 

    What do I think about the stability of the solution?

    The product is not that stable and sometimes I have to re-install it and contact the internal IT team. I don't have the admin rights on the laptop. Some features can break down, for example, the browser on the scanning might not open. Slowly our team will be moving towards more critical projects coming from the U.S., Japan and India, so we are definitely planning to upscale. In the next financial year, we're planning to upscale and make it more rigorous.

    How are customer service and technical support?

    We are using the open source version so we have no technical support for now.

    How was the initial setup?

    The installation is very simple. It's just an executable file because for now, we are not using it as a part of CI/CD or anything else. We have just installed the open source version on the laptop which has simplified things; our toolbox opens up and we just give the URL and it does an automatic scan. So information wise and operational wise, it is easy now. Our team carried out the deployment by first reading, watching videos and taking various courses. We had help from the company security team.

    Which other solutions did I evaluate?

    I carried out an evaluation between Checkmarx and OWASP Zap.

    What other advice do I have?

    If you are working in a very big gaming company and you have the budget, then I'd suggest switching to the enterprise version because the open source version takes time to resolve the regulations and there are sometimes false positives. It takes a lot of effort to figure out how to resolve the vulnerability and then search the same thing in the code. If you're not from the development team, then a lot of coordination is required. Without any support, we are in a black hole sometimes. Some attacks can be very dangerous for the company and for the application. They create delays and I've had to learn how to deal with that. 

    I rate this solution a six out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Joel George - PeerSpot reviewer
    Associate at Tata Consultancy
    Real User
    Top 5
    Scans quickly and works very well, but has a limited scope and needs more comprehensive reporting
    Pros and Cons
    • "Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
    • "The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."

    What is most valuable?

    Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.

    What needs improvement?

    The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more.

    It should have more reporting options because the reporting options are currently only in HTML, XLS, and so on, but there is nothing in PDF or Word, which makes it a bit less user-friendly. It needs more comprehensive reporting. It already has a reporting system, but it is just not user-friendly.

    For how long have I used the solution?

    I have been using this solution for roughly 12 months. I am using the latest freeware version that is available on the website.

    What do I think about the stability of the solution?

    Its stability is good. 

    What do I think about the scalability of the solution?

    It lacks scalability. It is only good up to a limit.

    How are customer service and support?

    Based on my interactions, they have been very good. They take around 24 hours to get back to you because they're a very large organization that is totally into this. They are quite good. They aren't the best, but they are quite good.

    How was the initial setup?

    Its initial setup was straightforward. It was pretty much immediate. There was no deployment issue. It was done quickly.

    What about the implementation team?

    It was implemented in-house. In terms of maintenance, it doesn't require much maintenance. You need just one person to follow the updates. That's about it.

    What's my experience with pricing, setup cost, and licensing?

    We have used the freeware version. I believe Zap only has freeware.

    What other advice do I have?

    My advice would be to not look at Zap as a one-stop-shop for all your results because Zap cannot do that. Zap is very good for a certain number of basic vulnerabilities or medium to high-level issues, but it can't go beyond that. You can use Zap along with another tool. If you're doing two or three levels of security testing, you can use Zap along with other tools.

    It is more of a learner tool. So, if you're using Zap, it would be best if you use it as a beginner in the field. Once you get into projects or work for people on their applications, you'll definitely end up needing something stronger.

    I would rate it a five out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Subdirector de Seguridad Informática e Infraestructura at a financial services firm with 201-500 employees
    Real User
    Top 20
    Open-source and easy to use with a straightforward setup
    Pros and Cons
    • "The stability of the solution is very good."
    • "It would be a great improvement if they could include a marketplace to add extra features to the tool."

    What is our primary use case?

    Currently, we deploy these tools to serve in a few of our services in the organization.

    What is most valuable?

    The solution is very easy to use.

    The initial setup is straightforward.

    The solution is free due to the fact that it is open-source.

    The stability of the solution is very good.

    The product has a strong community surrounding it to help with issues and troubleshooting.

    What needs improvement?

    The technical support could be improved. It doesn't offer traditional technical support at all.

    It would be a great improvement if they could include a marketplace to add extra features to the tool. It would make it more customizable and allow users to add more features as they like.

    For how long have I used the solution?

    I've been using the solution for a while. I've used it at least over the last 12 months.

    What do I think about the stability of the solution?

    The stability of the solution is very good. We've never had any issues. It's been reliable. There are no bugs or glitches. It doesn't crash or freeze.

    What do I think about the scalability of the solution?

    While the solution can scale to a certain extent, it cannot scale a lot. This is not one of the strengths of the product.

    We only have one user that is engaged with the solution currently.

    How are customer service and technical support?

    OWASP is an open-source solution. There's a big community surrounding it, however, it does not have traditional technical support. The main support comes from the community itself. If you have questions, you can find them there, or ask the community for feedback.

    Which solution did I use previously and why did I switch?

    We previously used the PortSwigger Burp Suite. It's a commercial version with support. We had to pay for the solution on a yearly basis, whereas OWASP is open-source and free.

    How was the initial setup?

    We found the initial setup to be very straightforward. It's easy. It's not complex. A company shouldn't have any issues with the implementation process.

    The deployment only took half an hour. It wasn't more than that. The process is pretty fast.

    You do not need a big team to handle the deployment process. We only used two.

    What about the implementation team?

    We deployed the solution ourselves using an in-house team. We didn't need the assistance of consultants or integrators from outside firms.

    What's my experience with pricing, setup cost, and licensing?

    The solution is open-source. It doesn't cost anything to use it.

    What other advice do I have?

    We are a customer and end-user of the product.

    There's lots of information online for users who are curious to learn more about the product.

    In general, I would rate this solution at an eight out of ten. We've been largely satisfied with the product overall.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Eldar Aydayev - PeerSpot reviewer
    President & Owner at Aydayev's Investment Business Group
    Real User
    Top 10
    Provides visibility of queries, but security and the ability to search the internet for other use cases could be better
    Pros and Cons
    • "The solution is scalable."
    • "The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."

    What is our primary use case?

    The solution has certain models. It allows the creation of a pipeline in respect of the interface or of certain content. It enables one to check that the security is as it should be. 

    What is most valuable?

    The solution enables a person to add the certificate and check the queries, to see if there are any that are undefined. This way, a person can have a list of the types of queries and can trace them. 

    What needs improvement?

    The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed. 

    For how long have I used the solution?

    We have been using OWASP Zap for more than four years. 

    What do I think about the stability of the solution?

    The computers perform somewhat slowly when loading a large number of queries into memory. As such, I don't know if it will be possible to use cache on the disk, which would greatly increase performance. 

    What do I think about the scalability of the solution?

    The solution is scalable. It can be run simultaneously for different targets. 

    How are customer service and technical support?

    I have not had experience with using technical support. I make use of a public community on the public website.

    How was the initial setup?

    The initial setup is a bit complex, not straightforward. It could be made easy if, let's say, a project can be defined for a certain task through the project's creation. This may simplify its use.

    Which other solutions did I evaluate?

    Zap is a very good startup. There is an alternate solution that is a bit more expensive and requires more technical knowledge than OWASP Zap, although both have a model based configuration. The interface allows one to run predefined templates, something OWASP Zap has in common with the other solution. The automation capabilities are similar, as well. 

    What other advice do I have?

    I used the source code design for the deployment.

    I have not had experience with the code crawler, OWASP Zap code analysis. The solution I was using is run by a search engine. My clients utilize OWASP Zap AST. They do not make use of the code crawler.

    I rate OWASP Zap as a six out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Business Analyst at Experion Technologies
    Real User
    Good user interface and easy to use; test reports could be improved
    Pros and Cons
    • "Simple to use, good user interface."
    • "Too many false positives; test reports could be improved."

    What is our primary use case?

    I'm a business analyst and we're a customer of OWASP Zap. 

    What is most valuable?

    The valuable features are that it's very simple to use and the user interface is very good, particularly for beginners so they can start the application easily. It's enough to refer to an online tutorial to be able to start using this application. It's not very complex.

    What needs improvement?

    I'd like to be able to explore more and improvements could be made in that area because for now I'm only able to explore the manual testing feature. I'd also like to see an improvement in test reports because we get too many false positives. 

    For how long have I used the solution?

    I've been using this solution for the past few months. 

    What do I think about the stability of the solution?

    The stability is okay although we get many false positives when pulling out test reports. 

    What do I think about the scalability of the solution?

    The scalability is very good. 

    How are customer service and technical support?

    I haven't needed technical support to date and I haven't yet started using the community support.  

    How was the initial setup?

    The initial setup wasn't very complex. You're supposed to install a JDK, Java file. I think implementation took about an hour. There are seven people in the company using the solution and maybe in the coming days there will be more. 

    What other advice do I have?

    I would definitely recommend this product provided the company can provide more clarity on the false positives that we get. 

    I would rate this solution a seven out of 10. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Information Security Professional at an energy/utilities company with 1,001-5,000 employees
    Real User
    Top 20
    Easy-to-use interface, but the documentation needs to be improved

    What is our primary use case?

    We primarily use this product for web application scanning.

    What is most valuable?

    The interface is easy to use.

    What needs improvement?

    The documentation needs to be improved because I had to learn everything from watching YouTube videos.

    For how long have I used the solution?

    I have been working with OWASP Zap for about three months.

    What do I think about the stability of the solution?

    I have not experienced any trouble in terms of stability.

    What do I think about the scalability of the solution?

    Scalability has not been an issue, so far. There are four of us in the company that can log in to use it.

    How are customer service and technical support?

    I have not been in contact with technical support.

    How was the initial setup?

    The initial setup was straightforward. For me, I just had to press "Next" several times. Between the installation, downloading videos, and investigating how to deploy it, I would say that the process took roughly a day.

    What about the implementation team?

    I did not require third-party assistance for the deployment.

    What was our ROI?

    This solution is providing us with value and as long as it continues to do so, we'll continue to use it.

    What's my experience with pricing, setup cost, and licensing?

    This is an open-source solution and can be used free of charge.

    What other advice do I have?

    This is a good product where most of the functionality is free, which is why I recommend that others use it.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.