OWASP Zap vs Synopsys API Security Testing [EOL] comparison

"The product helps users to scan and fix vulnerabilities in the pipeline."

"OWASP is quite matured in identifying the vulnerabilities."

"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."

"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."

"OWASP Zap is a good tool, one of my favorites for a long time, and I would recommend it."

"Automatic updates and pull request analysis."

"The API is exceptional."

"One valuable feature of OWASP Zap is that it is simple to use."

"The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares."

"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."

"It would be nice to have a solid SQL injection engine built into Zap."

"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word ​list, or manually created."

"Lacks resources where users can internally access a learning module from the tool."

"It would be a great improvement if they could include a marketplace to add extra features to the tool."

"OWASP should work on reducing false positives by using AI and ML algorithms."

"There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores."

"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."

"The solution required us to use our team and we spoke to Synopsys API Security Testing's support to do the implementation. We use two people from our team for the implementation. and one person for maintenance."

"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."

"The tool is open source."

"This is an open-source solution and can be used free of charge."

"It is open source, and we can scan freely."

"It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."

"OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."

"This solution is open source and free."

"It is highly recommended as it is an open source tool."