Researcher in Cyber Security at Sekolah Tinggi Ilmu Statistik BPS
Real User
Top 10
Mar 11, 2024
Overall, I would rate the solution an eight out of ten. My advice for OWASP Zap users is that you must be connected to vulnerability discovery work. As security testers, we must find vulnerabilities in our project. There are many false positives [with OWASP Zap], so we have to try new ways of exploiting and restarting. Maybe that's my advice.
I would recommend the solution to my clients since it is a proven product. We have no issues with stability, scalability, and technical support. Overall, I rate the product an eight out of ten.
Manager, Quality Assurance at Managed Markets Insight & Technology, LLC
Real User
Top 10
May 23, 2023
I rate OWASP ZAP seven out of 10. It's an excellent penetration testing tool for developers. That scanning part is solid, but the integration with AWS and Azure pipelines could be better.
I can recommend others to use the solution for a quick and easy introduction to dynamic testing. But for the more advanced solution and for users like myself who understand the application suite itself for others and any organization to use the commercial solution as a proxy. I rate the overall solution a seven out of ten.
Cyber Security Engineer at a transportation company with 10,001+ employees
Real User
Top 20
Mar 16, 2023
I am using the latest version. I usually download the latest version and then use it. Users need to read the documentation before starting. Users need to educate themselves before they start. I'd rate the solution seven out of ten.
I rate this solution a seven out of ten. The product is good, but the reporting process could be improved. I recommend this solution to people looking for a quick DAST application and a dynamic application security testing tool. Additionally, the solution is cost-effective.
My advice would be to not look at Zap as a one-stop-shop for all your results because Zap cannot do that. Zap is very good for a certain number of basic vulnerabilities or medium to high-level issues, but it can't go beyond that. You can use Zap along with another tool. If you're doing two or three levels of security testing, you can use Zap along with other tools. It is more of a learner tool. So, if you're using Zap, it would be best if you use it as a beginner in the field. Once you get into projects or work for people on their applications, you'll definitely end up needing something stronger. I would rate it a five out of ten.
Whether this is a good solution depends on the use case. If an organization is looking for a professional license without putting down any money, this is one of the best solutions. I would rate this solution more highly if we were able to customize reports. For now, I rate this solution eight out of 10.
I used to work with Homeland Security back 10, 15 years ago, in the national cybersecurity division starting up right after 9/11. I was on that national cybersecurity team. One of the things they looked into was funding using government money to fund some of these security operations or projects. They decided, and I helped decide, that it would be right for the government to support open-source systems or products because they're not making money out of that market. One of the people in the government got involved and helped to get it started. I don't know if they still have a list on their website of donors or contributors, but you can look on that list pretty easily and see if Homeland Security is still supporting them. I assume it is because it's really well run. It's constantly evolving, with new versions coming out with new features. It's very well managed and the lead person on it is very sharp. You can go on YouTube and search for a proxy and you will see some deep-dive tutorials. He did a really good job. There is a lot to this solution. You can use it superficially, but you need to spend a lot of time learning it. It has a lot of options and a lot of angles. I would rate OWASP Zap a nine out of ten.
President & Owner at Aydayev's Investment Business Group
Real User
Jun 16, 2021
I used the source code design for the deployment. I have not had experience with the code crawler, OWASP Zap code analysis. The solution I was using is run by a search engine. My clients utilize OWASP Zap AST. They do not make use of the code crawler. I rate OWASP Zap as a six out of ten.
Technical Specialist (DevOps) at a tech services company with 1,001-5,000 employees
Real User
Apr 6, 2021
If you are working in a very big gaming company and you have the budget, then I'd suggest switching to the enterprise version because the open source version takes time to resolve the regulations and there are sometimes false positives. It takes a lot of effort to figure out how to resolve the vulnerability and then search the same thing in the code. If you're not from the development team, then a lot of coordination is required. Without any support, we are in a black hole sometimes. Some attacks can be very dangerous for the company and for the application. They create delays and I've had to learn how to deal with that. I rate this solution a six out of 10.
Deputy Director of IT Security and Infrastructure at a financial services firm with 201-500 employees
Real User
Feb 11, 2021
We are a customer and end-user of the product. There's lots of information online for users who are curious to learn more about the product. In general, I would rate this solution at an eight out of ten. We've been largely satisfied with the product overall.
Assistant Vice President at Hexaware Technologies Limited
Real User
Nov 12, 2020
We are an IT service provider, which means that we use a variety of tools based on what our customer preferences are. There's all, at most, I would say, about 20 companies that we would have the funds to use the solution with. OWASP is definitely in the top three as a tool that we would probably recommend to our team, as a frequent users' tool, however, I don't believe we have any kind of a formal relationship with the company. Multiple teams use it. I have not heard of anybody complaining about anything to do with this particular solution. I would say it's pretty good. I would give it a rating of eight out of ten.
This is a good product where most of the functionality is free, which is why I recommend that others use it. I would rate this solution a seven out of ten.
I would definitely recommend this product provided the company can provide more clarity on the false positives that we get. I would rate this solution a seven out of 10.
I would recommend this product to people although I think it is very difficult to deploy and we also have issues with maintenance. I would rate this solution a six out of 10 in our environment. I don't think deployment was done very well in our company and that has affected the quality of the product. Perhaps if things had been done differently I would rate it an eight out of 10.
Senior Manager at a marketing services firm with 10,001+ employees
Real User
Jun 24, 2019
I would rate this solution as 7 out of 10, as I am still in the process of exploring. So far I think it's fine, but I think I still need to explore it a bit further and try to do a more comparative analysis.
I will rate this product a seven out of ten, because I think the visibility needs to be improved, and the support person needs to do a better job. What's more, additional features, like domain support or different authentication support, also need to be improved.
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Real User
Jun 19, 2019
When people are trying to make use of OWASP Zap, I would advise them to first read through and understand the OWASP vulnerabilities very well. Then start looking at features and tutorials of the OWASP ZAP Proxy that are made available online. There are a lot of YouTube videos and articles on the internet that talk about how to use the tools. These are quite easy to understand. Do a small POC. Pick an application which already has vulnerabilities and assess the application around with the ZAP Proxy tool. In terms of ZAP Proxy tool ease of use, I would rate it nine out of ten.
I would advise someone considering this solution to try and read about it on internet forums and see if it fits your needs. I would rate this solution an eight out of ten. It does what it says it will do and it's not hard to set up. It is also easy to use both automatically and manually and has a plug-in into every major build-tool, like Jenkins, GitLab and others. You can automate it through a building process.
OWASP Zap is a free and open-source web application security scanner.
The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues.
With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.
I will recommend the product to others. Everyone must use the tool. Overall, I rate the solution a nine out of ten.
Overall, I would rate the solution a seven out of ten.
I rate the solution an eight out of ten.
It's worth exploring and learning the tool. It helps a lot to understand the vulnerabilities in the applications. I rate the solution eight out of 10.
If you're a smaller organization, this tool is a great first choice as a starting point. It's quite usable. I rate this solution eight out of 10.
I rate OWASP Zap a six out of ten.
I would recommend that you should go through the documentation really well. That's it. I would rate this product 8 out of 10.
The community edition updates services regularly. They add new vulnerabilities into the scanning list.