OWASP Zap Reviews

Users reported significant improvements in security measures, enhanced vulnerability detection, and increased overall protection. 

The tool was praised for its user-friendly interface, extensive features, and effectiveness in identifying potential threats. 

Users also highlighted the cost-effectiveness of OWASP Zap, as it provided robust security solutions without requiring substantial financial investments.

OWASP Zap is widely recommended for enterprise buyers as a free and open-source security assessment tool. Offered under the Apache 2 license, it provides features comparable to many commercial solutions without associated licensing or setup costs. Users appreciate it as a cost-effective option, especially when evaluating security tools, since it does not require upfront financial commitment. While indirect resource costs may occur during deployment, its freeware nature appeals strongly to users seeking non-commercial solutions.

• "It is open source, and we can scan freely."
• "The tool is open source."
• "The tool is open-source."

Organizations primarily use OWASP Zap for web application security testing, focusing on identifying vulnerabilities through manual and automated scans. Common applications include penetration testing, vulnerability assessments, and ensuring application security pre-deployment. Many utilize the tool for spidering websites, scanning pipelines, and generating reports for analysis and auditing. Users integrate OWASP Zap into development cycles and DevOps pipelines to find and address security issues, safeguarding applications before taking them live.

Customer service and support for OWASP Zap show mixed experiences. Community and documentation support appear well-regarded, with users frequently resolving issues via forums. Some praise maintainers for exceptional support beyond expectations, though many rely on forums rather than direct technical assistance. A few rate support as excellent when engaged but note delayed response or absence of traditional channels. OWASP Zap benefits from strong community involvement, though conventional technical support might not be prevalent.

Users describe the initial setup of OWASP Zap as generally easy and straightforward, particularly praising its quick deployment. It's noted that setup is manageable for technical users due to good documentation. While some find it very simple, others mention complexities, especially when integrating with specific environments. Using API presents slight difficulty, but many find installation on platforms like Linux embedded and automated. Whether on-premise or cloud, setup typically requires only minimal time and personnel.

OWASP Zap exhibits varied scalability experiences. Some find it scalable, citing extensions and API capabilities, while others encounter limitations, calling it only somewhat scalable. Users use it simultaneously for different targets, with flexibility noted. Challenges with scaling are occasionally faced, though others mention good scaling with resources. Different teams leverage Zap for scanning vulnerabilities, and adapting to customer needs, with usage potential planned for increase. Ratings for scalability range, highlighting diverse user experiences.

OWASP Zap is generally stable, with minimal issues reported. Most users find it reliable, though some experience lag when handling large data volumes or numerous requests. Performance can be a bit slow in virtual environments like Kali Linux or when dealing with substantial payloads. Organizations mention occasional false positives and some configurations needed to optimize performance. However, most agree it's a dependable tool with high stability ratings, often cited as eight or nine out of ten.