Try our new research platform with insights from 80,000+ expert users
Embedded Software Engineer at Y Soft
Real User
Automatic updates of our database are valuable; deployment is complicated
Pros and Cons
  • "Automatic updates and pull request analysis."
  • "Deployment is somewhat complicated."

What is our primary use case?

Our primary use case is for scanning. We have Bamboo, Nexus and Artifactory and we are able to make snapshots. When we get a pull request we're able to make another snapshot and we compare the two snapshots together and can see what is new in the pull request. We can see which libraries are there and that enables us to see the vulnerabilities. I'm an embedded software engineer.

What is most valuable?

I would say that the automatic update is a very valuable feature because we are able to update our internal data base. The pull request analysis is also very good.

What needs improvement?

The product is somewhat complicated and could be improved by simplifying it because you don't want to have to allocate one person to maintain the solution full time. We'd like to be able to deploy it and have it work. Ideally we'd like to be able to get a pull request analysis and the analysis of repositories. 

I think they could definitely work on a more simplified deployment. That would improve the product. The issues are not necessarily related to the solution but possibly connected to how it was initially set up. 

For how long have I used the solution?

We've been using this solution for three or four years. 

Buyer's Guide
OWASP Zap
December 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

Regarding stability, we have some issues in our product and we need to work on it. Something is wrong in the architecture, perhaps it's a bug. 

How was the initial setup?

The initial setup was done before I came to the company. There are five people on our security team who discuss maintenance issues and try to solve problems. 

What other advice do I have?

I would recommend this product to people although I think it is very difficult to deploy and we also have issues with maintenance.

I would rate this solution a six out of 10 in our environment. I don't think deployment was done very well in our company and that has affected the quality of the product. Perhaps if things had been done differently I would rate it an eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
OwaspZ677 - PeerSpot reviewer
Senior Engineer at a aerospace/defense firm with 10,001+ employees
Real User
Good overall business scanning but there is room for improvement
Pros and Cons
  • "The scalability of this product is very good."
  • "I prefer Burp Suite to SWASP Zap because of the extensive coverage it offers."

What is our primary use case?

We only tried out the demo to see what the solution offers and how it performs overall business scanning. They also offer open-source projects.

What needs improvement?

There is definitely room for improvement. I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers. I also think it should have an open-source tool. I would also love to see an improvement in visibility.

For how long have I used the solution?

I used OWASP Sap three to four months ago for less than a week.

What do I think about the stability of the solution?

The OWASP Zap solution was very stable during the few days we used it.

What do I think about the scalability of the solution?

The scalability of this product is very good.

What other advice do I have?

I will rate this product a seven out of ten, because I think the visibility needs to be improved, and the support person needs to do a better job. What's more, additional features, like domain support or different authentication support also needs to be improved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
OWASP Zap
December 2024
Learn what your peers think about OWASP Zap. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
PeerSpot user
Test Automation Project Lead at a tech services company with 1,001-5,000 employees
Real User
A useful tool for security testing and penetrations testers.
Pros and Cons
  • "Simple and easy to learn and master."
  • "Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."

What is most valuable?

  • Very good open source security tool supporting the top 10 vulnerabilities (Injections, Session Management, XSS, Authentication, Authorization, etc.).
  • Simple and easy to learn and master.
  • Good online product documentation.
  • Built in features include: Intercepting proxy, Plug and Hack support, Automated scanning, Passing scan, Fuzzer, Traditional and Ajax Crawling and Web Socket support and so on.
  • Detailed reporting mechanism.
  • The tool has been translated in 25 different languages.
  • Can be executed through GUI, command line and also in Daemon mode with the help of REST API.
  • Very good API support for automating security tests.
  • Supports multiple platforms like Mac, Linux and Windows.
  • It's easy to create add-ons and extensions to scale up the features of the tool.

How has it helped my organization?

We have leveraged our existing functional tests for security testing by integrating web driver scripts with the OWASP ZAP tool.

What needs improvement?

Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation.

For how long have I used the solution?

6 months

What was my experience with deployment of the solution?

Did not encounter any issues. It's easy to install and configure.

What do I think about the stability of the solution?

So far I am very comfortable and did not find any stability related issues.

What do I think about the scalability of the solution?

It is scalable, by creating new extensions and add-ons for the tool. But we faced a couple of challenges initially which were solved with the help of online documentation

How are customer service and technical support?

Customer Service:

4/10

Technical Support:

4/10

Which solution did I use previously and why did I switch?

No

How was the initial setup?

It is very simple to install and configure.

What about the implementation team?

We have implemented this with the in-house team support.

What was our ROI?

Instead of creating a new framework for security tests, it helped us to leverage (reuse) existing functional test automation framework for security tests. This reduces lot of rework.

What's my experience with pricing, setup cost, and licensing?

It is highly recommended as it is an open source tool.

Which other solutions did I evaluate?

No, we are happy with the features provided with this tool, but if you want to go with static code analysis for security tests, we need to find a different option here.

What other advice do I have?

Very good and useful tool for security testing and penetrations testers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Saraswathi B - PeerSpot reviewer
Saraswathi BTest Automation Project Lead at a tech services company with 1,001-5,000 employees
Real User

Note that this tool will not cover 100% of (comprehensive) security testing, But will be beneficial for basic level of security tests along with functional tests.

Software Engineer at a computer software company with 201-500 employees
Real User
Easy to install, free to use, but missing features
Pros and Cons
  • "They offer free access to some other tools."
  • "Zap could improve by providing better reports for security and recommendations for the vulnerabilities."

What is our primary use case?

We use OWASP Zap for web application security scanning.

What is most valuable?

They offer free access to some other tools.

What needs improvement?

Zap could improve by providing better reports for security and recommendations for the vulnerabilities. Additionally, they should allow more testing other than web applications, such as on the cloud and VMs.

For how long have I used the solution?

I have been using OWASP Zap for approximately three months.

Which solution did I use previously and why did I switch?

I have used other solutions, such as AngularJS.

How was the initial setup?

The installation is straightforward.

What's my experience with pricing, setup cost, and licensing?

This solution is open source and free.

Which other solutions did I evaluate?

I have been evaluating Armor for my teammates who are using ZAP. I have found that Armor is better than ZAP and we are looking to switch solutions.

What other advice do I have?

I rate OWASP Zap a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
EricIgbinosun - PeerSpot reviewer
Information Security Professional at AEDC
Real User
Easy-to-use interface, but the documentation needs to be improved
Pros and Cons
  • "The interface is easy to use."
  • "The documentation needs to be improved because I had to learn everything from watching YouTube videos."

What is our primary use case?

We primarily use this product for web application scanning.

What is most valuable?

The interface is easy to use.

What needs improvement?

The documentation needs to be improved because I had to learn everything from watching YouTube videos.

For how long have I used the solution?

I have been working with OWASP Zap for about three months.

What do I think about the stability of the solution?

I have not experienced any trouble in terms of stability.

What do I think about the scalability of the solution?

Scalability has not been an issue, so far. There are four of us in the company that can log in to use it.

How are customer service and technical support?

I have not been in contact with technical support.

How was the initial setup?

The initial setup was straightforward. For me, I just had to press "Next" several times. Between the installation, downloading videos, and investigating how to deploy it, I would say that the process took roughly a day.

What about the implementation team?

I did not require third-party assistance for the deployment.

What was our ROI?

This solution is providing us with value and as long as it continues to do so, we'll continue to use it.

What's my experience with pricing, setup cost, and licensing?

This is an open-source solution and can be used free of charge.

What other advice do I have?

This is a good product where most of the functionality is free, which is why I recommend that others use it.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Testing Engineer at a tech services company with 1,001-5,000 employees
Real User
The community edition updates services regularly. They add new vulnerabilities into the scanning list.
Pros and Cons
  • "The community edition updates services regularly. They add new vulnerabilities into the scanning list."
  • "As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."

What is our primary use case?

The use case was we needed to scan our website to find out what vulnerabilities were present.

We use it to scan the website, then take a report about what vulnerabilities are present on it. Next, we will manually verify those vulnerabilities for false positives.

How has it helped my organization?

Every now and then, there is an update. They add new vulnerabilities to the scan list. That is where they just keep on improving.

What is most valuable?

The community support that ZAP provides me. As an open source, it provides me flexibility and is convenient to use.

What needs improvement?

As security evolves, we would like DevOps built into it. As of now, Zap does not provide this.

I would like to have more vulnerabilities added to the scan list, because as of now, it covers around 72 to 80. I need more because we need broader coverage.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Stability is good.

What do I think about the scalability of the solution?

We have not scaled yet. Though, we should be able to scale.

How is customer service and technical support?

I have not used any support for this solution yet.

How was the initial setup?

The initial setup is straightforward, because we can integrate it directly into the SDLC.

What other advice do I have?

The community edition updates services regularly. They add new vulnerabilities into the scanning list.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free OWASP Zap Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free OWASP Zap Report and get advice and tips from experienced pros sharing their opinions.