OWASP Zap vs Synopsys API Security Testing [EOL] comparison

"They offer free access to some other tools."

"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."

"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."

"The solution is scalable."

"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."

"I consider OWASP Zap to be the most effective solution overall; being open source allows integration with other systems via OWASP Zap APIs."

"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."

"One valuable feature of OWASP Zap is that it is simple to use."

"The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares."

"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."

"I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers."

"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."

"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."

"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."

"It needs more robust reporting tools."

"There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores."

"Lacks resources where users can internally access a learning module from the tool."

"The solution required us to use our team and we spoke to Synopsys API Security Testing's support to do the implementation. We use two people from our team for the implementation. and one person for maintenance."

"This solution is open source and free."

"OWASP Zap is free to use."

"This is an open-source solution and can be used free of charge."

"The solution’s pricing is high."

"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."

"It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."

"This app is completely free and open source. So there is no question about any pricing."

"It is open source, and we can scan freely."