Try our new research platform with insights from 80,000+ expert users

Acunetix vs OWASP Zap comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 12, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Acunetix
Ranking in Static Application Security Testing (SAST)
14th
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
32
Ranking in other categories
Application Security Tools (17th), Vulnerability Management (23rd), DevSecOps (6th)
OWASP Zap
Ranking in Static Application Security Testing (SAST)
11th
Average Rating
7.6
Reviews Sentiment
7.5
Number of Reviews
39
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Static Application Security Testing (SAST) category, the mindshare of Acunetix is 3.5%, up from 2.7% compared to the previous year. The mindshare of OWASP Zap is 5.1%, down from 5.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

AnubhavGoswami - PeerSpot reviewer
Attractive automated reports with boost user productivity and an easy setup
The primary use is mainly related to vulnerability assessment, including both public and internal IP addresses By using this tool, we have reduced the workload and increased the productivity of users. It generates automated reports. This feature is beneficial when sharing reports with clients as…
Amit Beniwal - PeerSpot reviewer
Simplifies vulnerability discovery and has high quality support
There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores. Sometimes, a vulnerability initially categorized as high severity may be reduced to medium or low over time after security patches are applied. This alignment with the present severity score and CVSS score could be improved.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I haven't seen reporting of that level in any other tool."
"The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
"I find it to be one of the most comprehensive tools, with support for manual intervention."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"The product is really easy to use."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"Simple and easy to learn and master."
"Automatic updates and pull request analysis."
"OWASP Zap is a good tool, one of my favorites for a long time, and I would recommend it."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The stability of the solution is very good."
"Automatic scanning is a valuable feature and very easy to use."
"Simple to use, good user interface."
"OWASP is quite matured in identifying the vulnerabilities."
 

Cons

"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."
"The solution's pricing could be better."
"The cost can be reduced as management has noted it to be on the higher side."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"While we do have it integrated with other solutions, it could still offer more integrations."
"Too many false positives; test reports could be improved."
"OWASP should work on reducing false positives by using AI and ML algorithms."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"There isn't too much information about it online."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"Lacks resources where users can internally access a learning module from the tool."
"The forced browse has been incorporated into the program and it is resource-intensive."
"The product reporting could be improved."
 

Pricing and Cost Advice

"The price is exceptionally high."
"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."
"When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted."
"When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."
"The solution is expensive."
"All things considered, I think it has a good price/value ratio."
"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."
"Acunetix was around the same price as all the other vendors we looked at, nothing special."
"It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
"This solution is open source and free."
"This is an open-source solution and can be used free of charge."
"The tool is open source."
"It is highly recommended as it is an open source tool."
"It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
"OWASP Zap is free to use."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
845,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
14%
Government
9%
Manufacturing Company
8%
Computer Software Company
18%
Financial Services Firm
12%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Acunetix Vulnerability Scanner?
The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code.
What is your primary use case for Acunetix Vulnerability Scanner?
I typically use Acunetix ( /products/acunetix-reviews ) to identify vulnerabilities for clients.
What advice do you have for others considering Acunetix Vulnerability Scanner?
I would recommend Acunetix to others. Overall, I rate this solution seven out of ten.
Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about OWASP Zap?
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, i...
What is your experience regarding pricing and costs for OWASP Zap?
OWASP might be cost-effective, however, people prefer to use the free edition available as open source.
 

Also Known As

AcuSensor
No data available
 

Overview

 

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
Find out what your peers are saying about Acunetix vs. OWASP Zap and other solutions. Updated: March 2025.
845,406 professionals have used our research since 2012.