Senior Security Engineer at a media company with 1,001-5,000 employees
03 February 19
We have a corporate deal and we're almost at the end of that contract. We are looking to renew Acunetix, but we were told that the price was increasing greatly because of some advanced capabilities, or miscalculations of value. It's increasing by 3.5-fold from what the initial quote was. Because of that, we have to go back to the drawing board and figure out cost-to-capability value, versus features that we could get for that same amount. At the current pricing structure, it doesn't save us money. It winds up costing the program money due to the fact that it's increasing in cost. At the time when we signed up initially, it was very beneficial because of its cost. When we looked at all other vendors and what they were asking, to provide a third of what Acunetix was capable of doing, it was an easy decision. With the IAS modules and everything else that we got as an add-on, it made it a real value compared to all the other competitors out there. But now that it's coming to a cost where it's in line with market value, it becomes more of a competition.
One of the most popular comparisons on IT Central Station is Netsparker Web Application Security Scanner vs OWASP Zap.
People like you are trying to decide which one is best for their company. Can you help them out?
Which of these two solutions would you recommend for Application Security? Why?
Thanks for helping your peers make the best decision!
I could choose the OWASP Zap application instead of the Netsparker app. The reason is simple: the solutions are very similar, but I could do the same things using Zap for free.
If I should pay for a complete tool, I could buy Burp Suite. That tool could offer me more capabilities and extensions.
Definitely, I would like to choose OWASP Zap (it has a big community behind the project).
General Manager at a tech services company with 1,001-5,000 employees
27 March 18
ZAP is free and does a fairly good job. However, it requires manual intervention and lacks many of the features that a commercial tool provides. If cost is not a factor, you should go for Netsparker/AppScan etc. Alternatively, you can start with ZAP and see if it meets your requirement and plan to upgrade accordingly.