Hi community,
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
OWASP ZAP is open source, free to use and one of the most active open source projects in DAST space. There are weekly updates being done to this project. Lot of add-ons are available which make this an excellent product. The newly created automation framework (AF) is the future direction for this product.
We have used the freeware version. I believe Zap only has freeware.
The solution is open-source. It doesn't cost anything to use it.
In security, you'd expect the product is priced at a premium, so people don't check the pricing for the most part. In my case, I don't buy the product myself. I have the customers buy it for me. I'm not very worried about the price as a consultant.
This is an open-source solution and can be used free of charge.
This app is completely free and open source. So there is no question about any pricing.
As far as pricing concerns, for value in the commercial solutions when it comes to security testing tools, it is Burp Suite. Some Burp Suite licenses are available for $300 over a 1-year term, which is pocket-friendly for us. We feel that PortSwigger Burp Suite is the best value for the money that we get. When it comes to clients looking for non-commerical licenses, OWASP Zap tool is the best fit.
It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use.
I would like to know if nowadays (2021) the license of Burp Suite Pro is worth the cost. Is it a good option to use OWASP Zap instead for testing security in web applications?