- Very good open source security tool supporting the top 10 vulnerabilities (Injections, Session Management, XSS, Authentication, Authorization, etc.).
- Simple and easy to learn and master.
- Good online product documentation.
- Built-in features include: Intercepting proxy, Plug and Hack support, Automated scanning, Passive scan, Fuzzer, Traditional and Ajax Crawling, WebSocket support and so on.
- Detailed reporting mechanism.
- The tool has been translated into 25 different languages.
- Can be executed through GUI, command line and also in Daemon mode with the help of REST API.
- Very good API support for automating security tests.
- Supports multiple platforms like Mac, Linux and Windows.
- It's easy to create add-ons and extensions to scale up the features of the tool.
Test Automation Project Lead at a tech services company with 1,001-5,000 employees
A useful tool for security testing and penetration testers.
Pros and Cons
- "Simple and easy to learn and master."
- "Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
What is most valuable?
How has it helped my organization?
We have leveraged our existing functional tests for security testing by integrating web driver scripts with the OWASP ZAP tool.
What needs improvement?
Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation.
For how long have I used the solution?
6 months
Buyer's Guide
OWASP Zap
September 2025

Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,787 professionals have used our research since 2012.
What was my experience with deployment of the solution?
Did not encounter any issues. It's easy to install and configure.
What do I think about the stability of the solution?
So far I am very comfortable and did not find any stability-related issues.
What do I think about the scalability of the solution?
It is scalable, by creating new extensions and add-ons for the tool. But we faced a couple of challenges initially, which were solved with the help of online documentation.
How are customer service and support?
Customer Service: 4/10
Technical Support: 4/10
Which solution did I use previously and why did I switch?
No
How was the initial setup?
It is very simple to install and configure.
What about the implementation team?
We have implemented this with the in-house team support.
What was our ROI?
Instead of creating a new framework for security tests, it helped us to leverage (reuse) the existing functional test automation framework for security tests. This reduces a lot of rework.
What's my experience with pricing, setup cost, and licensing?
It is highly recommended as it is an open source tool.
Which other solutions did I evaluate?
No, we are happy with the features provided with this tool, but if you want to go with static code analysis for security tests, we need to find a different option here.
What other advice do I have?
Very good and useful tool for security testing and penetration testers.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Note that this tool will not cover 100% of (comprehensive) security testing, but it will be beneficial for a basic level of security tests along with functional tests.