Try our new research platform with insights from 80,000+ expert users

Fortify Software Security Center vs OWASP Zap comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024
 

Categories and Ranking

Fortify Software Security C...
Ranking in Static Application Security Testing (SAST)
27th
Average Rating
7.8
Number of Reviews
4
Ranking in other categories
No ranking in other categories
OWASP Zap
Ranking in Static Application Security Testing (SAST)
7th
Average Rating
7.6
Number of Reviews
37
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Static Application Security Testing (SAST) category, the mindshare of Fortify Software Security Center is 0.3%, up from 0.2% compared to the previous year. The mindshare of OWASP Zap is 5.1%, down from 6.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Kibeom Kim - PeerSpot reviewer
Jun 11, 2024
Has a good collaboration function and is a centralized software solution
We use the product to scan results, store and display data from Azure, identify scan results, analyze, report, and access company data The platform's most effective for identifying vulnerabilities features are the Fortify audit workbench and the collaboration module, which allow developers and…
AnkithKumar - PeerSpot reviewer
Jun 22, 2022
Great for automating and testing and has tightened our security
I use this solution to test applications; web applications, web APIs, and infrastructure. For the web APIs and applications, I use OWASP Zap for interpreting requests and responses, and to see how the application behaves to resist payloads. This is one of the basic applications for us to automate…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"This is a stable solution at the end of the day."
"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"You can easily download the tool's rule packs and update them."
"Automatic scanning is a valuable feature and very easy to use."
"Simple and easy to learn and master."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"The solution is scalable."
"It can be used effectively for internal auditing."
"It's great that we can use it with Portswigger Burp."
"Fuzzer and Java APIs help a lot with our custom needs."
 

Cons

"We are having issues with false positives that need to be resolved."
"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"Fortify Software Security Center's setup is really painful."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"The technical support team must be proactive."
"The product reporting could be improved."
"There's very little documentation that comes with OWASP Zap."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
 

Pricing and Cost Advice

"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."
"This is a costly solution that could be cheaper."
"The solution is priced fair."
"The tool is open source."
"This is an open-source solution and can be used free of charge."
"This app is completely free and open source. So there is no question about any pricing."
"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
"This solution is open source and free."
"It is open source, and we can scan freely."
"The solution’s pricing is high."
"We have used the freeware version. I believe Zap only has freeware."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
20%
Financial Services Firm
14%
Computer Software Company
10%
Educational Organization
7%
Computer Software Company
19%
Financial Services Firm
11%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Micro Focus Software Security Center?
You can easily download the tool's rule packs and update them.
What is your experience regarding pricing and costs for Micro Focus Software Security Center?
As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available. I would rate the pricing a seven.
What needs improvement with Micro Focus Software Security Center?
The product's overlap feature is restrictive and requires more customization efforts, which can be expensive.
Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about OWASP Zap?
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, i...
 

Also Known As

Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect
No data available
 

Learn More

 

Overview

 

Sample Customers

Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon
1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
Find out what your peers are saying about Fortify Software Security Center vs. OWASP Zap and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.