We performed a comparison between Fortify Software Security Center and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The reporting is very useful because you can always view an entire list of the issues that you have."
"You can easily download the tool's rule packs and update them."
"This is a stable solution at the end of the day."
"The solution has tightened our security."
"It's great that we can use it with Portswigger Burp."
"Automatic updates and pull request analysis."
"The solution is good at reporting the vulnerabilities of the application."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"It has improved my organization with faster security tests."
"The interface is easy to use."
"The product discovers more vulnerabilities compared to other tools."
"Fortify Software Security Center's setup is really painful."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"We are having issues with false positives that need to be resolved."
"OWASP Zap needs to extend to mobile application testing."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"The product reporting could be improved."
"There's very little documentation that comes with OWASP Zap."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"Reporting format has no output, is cluttered and very long."
More Fortify Software Security Center Pricing and Cost Advice →
Fortify Software Security Center is ranked 27th in Static Application Security Testing (SAST) with 3 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Fortify Software Security Center is rated 7.4, while OWASP Zap is rated 7.6. The top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify Software Security Center is most compared with Fortify on Demand and Checkmarx One, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional. See our Fortify Software Security Center vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.