We performed a comparison between Fortify WebInspect and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The accuracy of its scans is great."
"The user interface is ok and it is very simple to use."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"Technical support has been good."
"Good at scanning and finding vulnerabilities."
"Guided Scan option allows us to easily scan and share reports."
"It's a well-known platform for doing dynamic application scanning."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"It scans while you navigate, then you can save the requests performed and work with them later."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"Simple and easy to learn and master."
"It's great that we can use it with PortSwigger Burp."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The solution has tightened our security."
"Automatic scanning is a valuable feature and very easy to use."
"One thing I would like to see them introduce is a cloud-based platform."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The initial setup was complex."
"The scanner could be better."
"Lately, we've seen more false negatives."
"We have often encountered scanning errors."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"A localized version, for example, in Korean would be a big improvement to this solution."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"The port scanner is a little too slow."
"Reporting format has no output, is cluttered and very long."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implemented but I think that would really help."
"The technical support team must be proactive."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Fortify WebInspect is rated 7.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Invicti. See our Fortify WebInspect vs. OWASP Zap report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.