Researcher in Cyber Security at Sekolah Tinggi Ilmu Statistik BPS
Real User
Top 5
Mar 11, 2024
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult.
Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high.
Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.
Senior Manager at a marketing services firm with 10,001+ employees
Real User
Jun 24, 2019
The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information.
This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer.
OWASP Zap is a free and open-source web application security scanner.
The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues.
With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.
The ZAP scan and code crawler are valuable features.
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult.
The application scanning feature is the most valuable feature.
We use the solution for security testing.
The product helps users to scan and fix vulnerabilities in the pipeline.
ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube.
Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high.
It's great that we can use it with Portswigger Burp.
The HUD is a good feature that provides on-site testing and saves a lot of time.
The most valuable feature is scanning the URL to drill down all the different sites.
The solution has tightened our security.
Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.
It updates repositories and libraries quickly.
It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).
They offer free access to some other tools.
The solution is scalable.
Automatic scanning is a valuable feature and very easy to use.
The stability of the solution is very good.
The solution is good at reporting the vulnerabilities of the application.
The interface is easy to use.
Simple to use, good user interface.
Automatic updates and pull request analysis.
The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information.
The scalability of this product is very good.
The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool.
This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer.
It can be used effectively for internal auditing.
The community edition updates services regularly. They add new vulnerabilities into the scanning list.