No more typing reviews! Try our Samantha, our new voice AI agent.
OWASP Zap Logo

OWASP Zap pros and cons

Vendor: OWASP
3.8 out of 5
Leave a review

Pros & Cons summary

OWASP Zap offers ease of learning and powerful API functionality, supporting security with automatic scanning and pull request analysis. Its scalability suits internal audits. Cost-effective, it integrates with SonarQube and Portswigger Burp. Effective for smaller companies, its HUD improves on-site testing, though online documentation needs updates. Enhancements are required in reporting, cloud integration, and noise cancellation. Mobile testing support and proactive resources would bolster its features and reliability.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

OWASP Zap is recognized for its simplicity and ease of use, making it accessible for users of varying expertise.
Its API capabilities are exceptional, providing flexibility and integration options in different systems.
OWASP Zap offers effective vulnerability scanning and has matured in identifying security threats quickly and accurately.
The open-source nature of OWASP Zap allows for seamless integration with other tools and systems, which is advantageous for continuous integration environments.
It is highly valued for improving organizational security practices and enabling frequent and safer deployments of web applications.

CONS

Online documentation for OWASP Zap can be improved with updates to support all features and automation methods.
False positives and limited scope make its reporting and vulnerability assessments unreliable and cluttered.
A more robust SQL injection engine and integration with cloud-based CICD pipelines are lacking.
Lack of scalability, limited coverage of security flaws, and no alignment with CVSS scores impact performance.
The support team requires improvement in proactivity and technical assistance.
 

OWASP Zap Pros review quotes

NK
Nithin-K
Technical Analyst at Hexaware Technologies Limited
May 15, 2025
I consider OWASP Zap to be the most effective solution overall; being open source allows integration with other systems via OWASP Zap APIs.
Read full review
Amit Beniwal - PeerSpot reviewer
Amit Beniwal
Project Manager at Al Hassan LLC
Nov 11, 2024
One valuable feature of OWASP Zap is that it is simple to use.
Read full review
Prasant Pokarnaa - PeerSpot reviewer
Prasant Pokarnaa
Delivery Head - DevOps at Datamato Technologies
Nov 1, 2024
OWASP is quite matured in identifying the vulnerabilities.
Read full review
Buyer's Guide
OWASP Zap
April 2026
Free Report: OWASP Zap Reviews and More
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
893,244 professionals have used our research since 2012.
Arther Magaya - PeerSpot reviewer
Arther Magaya
Head Of Information Security at Aura
Apr 8, 2025
OWASP Zap is straightforward to use. If someone doesn't have the budget for tools like Burp Suite, OWASP Zap is an excellent alternative.
Read full review
PN
FA9
Researcher in Cyber Security at Sekolah Tinggi Ilmu Statistik BPS
Mar 11, 2024
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult.
Read full review
DD
Delmain Deyzel
Cloud Solutions Architect at TANGENT SOLUTIONS
Mar 19, 2024
The ZAP scan and code crawler are valuable features.
Read full review
NathanNV - PeerSpot reviewer
NathanNV
Elite Global CISO at Scybers
Oct 17, 2023
The product helps users to scan and fix vulnerabilities in the pipeline.
Read full review
YK
Yudhistiro Kusumonegoro
Security Officer at UnDisclosed
May 4, 2023
Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high.
Read full review
AnkithKumar - PeerSpot reviewer
AnkithKumar
Application Security Consultant at a tech services company with 10,001+ employees
Jun 22, 2022
The solution has tightened our security.
Read full review
Gebran Hadchity - PeerSpot reviewer
Gebran Hadchity
Head Of Development at VALOORES
Jun 13, 2023
The product discovers more vulnerabilities compared to other tools.
Read full review
Show 10 more reviews (out of 41)
 

OWASP Zap Cons review quotes

NK
Nithin-K
Technical Analyst at Hexaware Technologies Limited
May 15, 2025
When comparing OWASP Zap and Burp Suite, the main difference besides pricing is that OWASP Zap has limitations with reporting levels and UI, which affects its reporting capabilities, whereas Burp Suite is already advancing with new AI features and scanning capabilities that OWASP Zap seems to be lacking.
Read full review
Amit Beniwal - PeerSpot reviewer
Amit Beniwal
Project Manager at Al Hassan LLC
Nov 11, 2024
There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores.
Read full review
Prasant Pokarnaa - PeerSpot reviewer
Prasant Pokarnaa
Delivery Head - DevOps at Datamato Technologies
Nov 1, 2024
OWASP should work on reducing false positives by using AI and ML algorithms.
Read full review
Buyer's Guide
OWASP Zap
April 2026
Free Report: OWASP Zap Reviews and More
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
893,244 professionals have used our research since 2012.
Arther Magaya - PeerSpot reviewer
Arther Magaya
Head Of Information Security at Aura
Apr 8, 2025
OWASP Zap could benefit from a noise cancellation feature like that of Burp Suite Professional, where AI helps reduce certain non-critical findings.
Read full review
PN
FA9
Researcher in Cyber Security at Sekolah Tinggi Ilmu Statistik BPS
Mar 11, 2024
It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results.
Read full review
DD
Delmain Deyzel
Cloud Solutions Architect at TANGENT SOLUTIONS
Mar 19, 2024
Sometimes, we get some false positives.
Read full review
NathanNV - PeerSpot reviewer
NathanNV
Elite Global CISO at Scybers
Oct 17, 2023
The technical support team must be proactive.
Read full review
YK
Yudhistiro Kusumonegoro
Security Officer at UnDisclosed
May 4, 2023
The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time.
Read full review
AnkithKumar - PeerSpot reviewer
AnkithKumar
Application Security Consultant at a tech services company with 10,001+ employees
Jun 22, 2022
Lacks resources where users can internally access a learning module from the tool.
Read full review
Gebran Hadchity - PeerSpot reviewer
Gebran Hadchity
Head Of Development at VALOORES
Jun 13, 2023
The product should allow users to customize the report based on their needs.
Read full review
Show 10 more reviews (out of 41)

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs OWASP Zap Logo
SonarQube vs OWASP Zap
Snyk vs OWASP Zap Logo
Snyk vs OWASP Zap
Checkmarx One vs OWASP Zap Logo
Checkmarx One vs OWASP Zap
GitLab vs OWASP Zap Logo
GitLab vs OWASP Zap
Veracode vs OWASP Zap Logo
Veracode vs OWASP Zap
Coverity Static vs OWASP Zap Logo
Coverity Static vs OWASP Zap
Acunetix vs OWASP Zap Logo
Acunetix vs OWASP Zap
PortSwigger Burp Suite Professional vs OWASP Zap Logo
PortSwigger Burp Suite Professional vs OWASP Zap
OpenText Core Application Security vs OWASP Zap Logo
OpenText Core Application Security vs OWASP Zap
HCL AppScan vs OWASP Zap Logo
HCL AppScan vs OWASP Zap
Semgrep vs OWASP Zap Logo
Semgrep vs OWASP Zap
Qualys Web Application Scanning vs OWASP Zap Logo
Qualys Web Application Scanning vs OWASP Zap
Invicti vs OWASP Zap Logo
Invicti vs OWASP Zap
Aikido Security vs OWASP Zap Logo
Aikido Security vs OWASP Zap
Contrast Security Assess vs OWASP Zap Logo
Contrast Security Assess vs OWASP Zap
See all alternatives

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs OWASP Zap Logo
SonarQube vs OWASP Zap
Snyk vs OWASP Zap Logo
Snyk vs OWASP Zap
Checkmarx One vs OWASP Zap Logo
Checkmarx One vs OWASP Zap
GitLab vs OWASP Zap Logo
GitLab vs OWASP Zap
Veracode vs OWASP Zap Logo
Veracode vs OWASP Zap
Coverity Static vs OWASP Zap Logo
Coverity Static vs OWASP Zap
Acunetix vs OWASP Zap Logo
Acunetix vs OWASP Zap
PortSwigger Burp Suite Professional vs OWASP Zap Logo
PortSwigger Burp Suite Professional vs OWASP Zap
OpenText Core Application Security vs OWASP Zap Logo
OpenText Core Application Security vs OWASP Zap
HCL AppScan vs OWASP Zap Logo
HCL AppScan vs OWASP Zap
Semgrep vs OWASP Zap Logo
Semgrep vs OWASP Zap
Qualys Web Application Scanning vs OWASP Zap Logo
Qualys Web Application Scanning vs OWASP Zap
Invicti vs OWASP Zap Logo
Invicti vs OWASP Zap
Aikido Security vs OWASP Zap Logo
Aikido Security vs OWASP Zap
Contrast Security Assess vs OWASP Zap Logo
Contrast Security Assess vs OWASP Zap
See all alternatives
Related questions
  • 197
Is OWASP Zap better than PortSwigger Burp Suite Pro?
  • 84
What is the biggest difference between OWASP Zap and PortSwigger Burp?
  • 30
What is the biggest difference between OWASP Zap and Qualys?
  • 296
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 41
Which is the most comprehensive open source Web Security Testing tool?
  • 62
What is the best Application Security Testing platform?
  • 54
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 92
SAST vs. DAST: Which is better for application security testing?
  • 66
What tools do you rely on for building a DevSecOps pipeline?
  • 151
What does the Log4j/Log4Shell vulnerability mean for your company?