We use this product for vulnerability scanning and for testing. I'm an automation engineer.
Great HUD feature that provides on-site testing and saves a lot of time
Pros and Cons
- "The HUD is a good feature that provides on-site testing and saves a lot of time."
- "There are too many false positives."
What is our primary use case?
What is most valuable?
The HUD, Heads Up Display, is a good feature. It provides on-site testing and saves a lot of time.
What needs improvement?
We get too many false positives and that should definitely be improved. I'd like to see site scanning included in the solution because it can get into your hidden files and reports.
For how long have I used the solution?
I've been using this solution for one year.
Buyer's Guide
OWASP Zap
June 2025

Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,632 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is not scalable.
How was the initial setup?
The initial setup is straightforward and was carried out in-house without assistance from a third party.
What other advice do I have?
It's worth exploring and learning the tool. It helps a lot to understand the vulnerabilities in the applications. I rate the solution eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

