OWASP Zap vs Qwiet AI comparison

"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."

"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."

"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."

"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."

"It scans while you navigate, then you can save the requests performed and work with them later."

"It updates repositories and libraries quickly."

"The ZAP scan and code crawler are valuable features."

"The product discovers more vulnerabilities compared to other tools."

"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."

"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."

"There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores."

"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."

"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."

"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."

"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."

"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."

"It would be nice to have a solid SQL injection engine built into Zap."

"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."

"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."

"This is an open-source solution and can be used free of charge."

"The solution’s pricing is high."

"It is highly recommended as it is an open source tool."

"OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."

"We have used the freeware version. I believe Zap only has freeware."

"The tool is open source."

"This solution is open source and free."