What is your primary use case for OWASP Zap?

I have been working with OWASP Zap for a few years now, and it is similar to Burp Suite, being open source, but it has limitations, especially with the minimal scan engines that it offers compared to Burp Suite.

I primarily use OWASP Zap for DevSecOps within the pipeline. It's mainly integrated via a YAML file into GitHub actions. In addition to that, I use it for external tests like web crawling and web application penetration tests.

We use OWASP Zap primarily for discovering vulnerabilities in our web application security testing. We use one standalone deployment of this solution.

OWASP is only meant for two or three different types of scans. It is a tool which will scan the code for security for vulnerabilities.

I use the solution to follow the framework and help my developers develop apps securely from the ground up with the right practices in mind. As part of the DevOps process, we use the tool to scan and see if the web apps are vulnerable. We integrated the tool into our development life cycle for security testing in our DevOps pipeline. We use the tool to spider and test the website.

I use it for vulnerability scanning. It has automatic methods. It's great.

We use it for our security scanning for our applications.

We use the solution for security testing.

We use the solution for scanning pipelines.

We use ZAP for penetration testing.

OWASP Zap is used for dynamic testing. So when any kind of application, like, a web application, needs to be tested for its security and vulnerabilities. It is also used to crawl the site and then to enumerate all the input or the possible exploitation points, and then we try to exploit any blockings within OWASP Zap.

I primarily use the solution for different use cases. It's good for analysis. It also offers additional extensions you can take advantage of. There are different scan extensions you can leverage.

We use this product for vulnerability scanning and for testing. I'm an automation engineer.

Our primary use case for this solution is for reviewing applications developed in-house to test for known vulnerabilities, and we deploy this product on-premises. Additionally, we use the solution to review some applications that were developed in-house and test for any general or known vulnerabilities before moving them to the production environment.

I use this solution to test applications; web applications, web APIs, and infrastructure. For the web APIs and applications, I use OWASP Zap for interpreting requests and responses, and to see how the application behaves to resist payloads. This is one of the basic applications for us to automate and test. We are customers of OWASP Zap and I'm an application security consultant.

Zap collects all the AJAX and Ambelo GS links. It pages in everything from a target. I'm a security consultant and we are customers of Zap.

I use this solution for penetration tests.

We use OWASP Zap for web application security scanning.

The solution has certain models. It allows the creation of a pipeline in respect of the interface or of certain content. It enables one to check that the security is as it should be.

We are using this product at a very basic level to scan reports and then share them with the Dev team for any vulnerabilities. We use the open source version and we are end users.

Currently, we deploy these tools to serve in a few of our services in the organization.

Currently, we build our products for the banking industry and use this solution in that process. From a development cycle, we update the SQL injections that basically shows what a developer may have to address. Then, if there is still a problem, we're concerned at the architect level. That's at least initially reported by the customers when they do another round of review after we deliver our code.

We primarily use this product for web application scanning.

I'm a business analyst and we're a customer of OWASP Zap.

Our primary use case is for scanning. We have Bamboo, Nexus and Artifactory and we are able to make snapshots. When we get a pull request we're able to make another snapshot and we compare the two snapshots together and can see what is new in the pull request. We can see which libraries are there and that enables us to see the vulnerabilities. I'm an embedded software engineer.

We primarily use this application for web application spidering and vulnerability assessment.

We only tried out the demo to see what the solution offers and how it performs overall business scanning. They also offer open-source projects.

I focus on software application security. In most of the scenarios that we come across, the customers want complete assurance on security of their platforms/products/applications. Clients reach out to us for our abilities to unearth security issues. I get to use these tools to assess products/platforms before they go live to the market.

Our primary use case of this solution is to scan and check that the applications we put on the internet are safe and secure.

It is a security tool. We use it for application testing.

The use case was we needed to scan our website to find out what vulnerabilities were present. We use it to scan the website, then take a report about what vulnerabilities are present on it. Next, we will manually verify those vulnerabilities for false positives.