OWASP Zap vs Synopsys API Security Testing comparison

"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."

"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."

"It updates repositories and libraries quickly."

"Fuzzer and Java APIs help a lot with our custom needs."

"The stability of the solution is very good."

"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."

"Automatic scanning is a valuable feature and very easy to use."

"It's great that we can use it with Portswigger Burp."

"The most valuable features of Synopsys API Security Testing are the metrics, results, and threat vectors that it shares."

"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."

"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."

"There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores."

"Deployment is somewhat complicated."

"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."

"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."

"It would be nice to have a solid SQL injection engine built into Zap."

"I prefer Burp Suite to SWASP Zap because of the extensive coverage it offers."

"The solution required us to use our team and we spoke to Synopsys API Security Testing's support to do the implementation. We use two people from our team for the implementation. and one person for maintenance."

"OWASP Zap is free to use."

"This is an open-source solution and can be used free of charge."

"The tool is open source."

"OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."

"The solution’s pricing is high."

"It is open source, and we can scan freely."

"It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."

"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."