We performed a comparison between OWASP Zap and Acunetix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Acunetix. Although both products have valuable features and have straightforward deployments, our reviewers found that Acunetix has high pricing, which is considered expensive by some users, especially for small organizations.
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"Overall, it's a very good tool and a very good engine."
"The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"Our developers can run the attacks directly from their environments, desktops."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"The API is exceptional."
"It has improved my organization with faster security tests."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"They offer free access to some other tools."
"Automatic updates and pull request analysis."
"Simple to use, good user interface."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"The solution's pricing could be better."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"There's a clear need for a reduction in pricing to make the service more accessible."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"Currently only supports web scanning."
"The technical support team must be proactive."
"There isn't too much information about it online."
"Too many false positives; test reports could be improved."
"Reporting format has no output, is cluttered and very long."
"There's very little documentation that comes with OWASP Zap."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The port scanner is a little too slow."
"Lacks resources where users can internally access a learning module from the tool."
Acunetix is ranked 13th in Static Application Security Testing (SAST) with 26 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Acunetix is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Acunetix is most compared with Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan, Fortify WebInspect and Veracode, whereas OWASP Zap is most compared with SonarQube, Qualys Web Application Scanning, PortSwigger Burp Suite Professional, Veracode and Checkmarx One. See our Acunetix vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.