We performed a comparison between Ixia BreakingPoint and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We use Ixia BreakingPoint for Layer 7 traffic generation. That's what we like."
"There is a virtual version of the product which is scaled to 100s of virtual testing blades."
"The DDoS testing module is useful and quick to use."
"The solution has many protocols and options, making it very flexible."
"The most valuable feature of Ixia BreakingPoint is the ransomware and malware database for simulated attacks."
"I like that we can test cloud applications."
"It is a scalable solution."
"It scans while you navigate, then you can save the requests performed and work with them later."
"The application scanning feature is the most valuable feature."
"The interface is easy to use."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"Simple and easy to learn and master."
"The most valuable feature is scanning the URL to drill down all the different sites."
"Fuzzer and Java APIs help a lot with our custom needs."
"The solution is scalable."
"The production traffic simulations are not realistic enough for some types of DDoS attacks."
"The solution originally was hard to configure; I'm not sure if they've updated this to make it simpler, but if not, it's something that could be streamlined."
"The price could be better."
"I would appreciate some preconfigured network neighborhoods, which are predefined settings for testing networks."
"They should improve UI mode packages for the users."
"The quality of the traffic generation could be improved with Ixia BreakingPoint, i.e. to get closer to being accurate in what a real user will do."
"The integration could improve in Ixia BreakingPoint."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"Too many false positives; test reports could be improved."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"It doesn't run on absolutely every operating system."
Ixia BreakingPoint is ranked 23rd in Static Application Security Testing (SAST) with 8 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Ixia BreakingPoint is rated 8.4, while OWASP Zap is rated 7.6. The top reviewer of Ixia BreakingPoint writes "Works better for testing traffic, mix profile, and enrollment scenarios than other solutions". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Ixia BreakingPoint is most compared with Spirent CyberFlood and Synopsys Defensics, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Veracode. See our Ixia BreakingPoint vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.