It's been two months since this profile received a new review

ZAP by Checkmarx Reviews & Product Details

ZAP by Checkmarx, formerly known as Zed Attack Proxy , is a leading open-source web application security scanner designed to help developers, testers, and security professionals identify vulnerabilities in web applications. Actively maintained by a global community, ZAP offers both automated and manual testing capabilities, making it suitable for users with varying levels of security expertise. Key Features and Functionality: - Automated Security Scanning: ZAP provides simple, single-click automated scanning, enabling users to identify security flaws with ease. - Active and Passive Scanning: Utilizes both passive and active scanning techniques to uncover a wide range of security vulnerabilities. - Advanced User Controls: Offers tools like manual interception, fuzzing, and forced browsing for thorough penetration testing. - CI/CD Integration: Seamlessly integrates with Continuous Integration/Continuous Deployment pipelines, automating security testing within development workflows. - Cross-Platform Support: Compatible with Linux, Windows, and macOS operating systems. Primary Value and Problem Solved: ZAP by Checkmarx addresses the critical need for accessible and effective web application security testing. By offering a free, open-source solution with both automated and manual testing capabilities, ZAP empowers organizations to identify and remediate vulnerabilities early in the development lifecycle. Its integration with CI/CD pipelines ensures that security becomes an integral part of the development process, reducing the risk of security breaches and enhancing overall application security.

Seller

Checkmarx

Discussions

ZAP by Checkmarx Community

Overview by

Simon Bennetts

Pricing

Pricing provided by ZAP by Checkmarx.

Open source

Free

View More Pricing Information

Top-Rated Alternatives

View All Alternatives

G2 reviews are authentic and verified.

Here's how.

Verified User in Information Technology and Services

Mid-Market (51-1000 emp.)

9/27/2025

"A tool I use just for Web/API Security Automation"

1.5/5

What do you like best about ZAP by Checkmarx?

The detection mechanisms developed for ZAP are quite effective. It's easy to initiate an active scan or start crawling, and the built-in integration with Firefox is convenient. However, I find the user interface to be cluttered, so I primarily use it only for Active scans. Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

THe UI can surely be made clearer similar to burp, and it would just outstand burp in a blink of an eye. Specially the request response windows are too narrow and tools and settings are just plain dropdown lists which is not so great to be navigating through. Review collected by and hosted on G2.com.

Abhinav N.

Cyber Security Analyst

Computer & Network Security

Small-Business (50 or fewer emp.)

12/29/2024

"the best web application security scanner"

5/5

What do you like best about ZAP by Checkmarx?

Zap is one of the best web application security scanner ithink it has more features than burpsuite. ZAP has more automated scan features and the spider fuzz and ajax spider they are really amazing . i like recommend using ZAP for automated scans. Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

ZAP does not have a browser . like burpsuite zap needs to implement that Review collected by and hosted on G2.com.

VishNu C.

Digital Marketing Executive

Small-Business (50 or fewer emp.)

11/8/2023

"Best Free web app penetration testing App"

4.5/5

What do you like best about ZAP by Checkmarx?

The owasp zap can be even use in windows and we don't need any Linux OS also it is very easy to use and it's free of cost.We can also customise zap according to our testing need switch certain scripts. Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

Owasp has only some limited automated tasks and may not have new features like all other web pen testing apps Review collected by and hosted on G2.com.

What problems is ZAP by Checkmarx solving and how is that benefiting you?

The active and the passive scanning in the owasp zap helps in sending payloads easily and monitor traffic By adding several extension and plugins in zap we can improve our penetration testing standards as so much advanced scripted extensions are available easily and we can try that in real time pentesting.We can export our reports easily and share with clients in various formats. Review collected by and hosted on G2.com.

Mohammed N.

Penetration Tester

Small-Business (50 or fewer emp.)

11/8/2023

"Best tool for scanning Website"

5/5

What do you like best about ZAP by Checkmarx?

As a seurity reasercher this tool has help me to scan the website.ones the scan is completed you can generate the report.the automated scan feture is really good,if your a begginner you don't have much knowledge in security scan you can try this tool.very user friendly and easy to understand all the fetures.

very easy to install.more you use you will be masterthe tool. Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

This tool give some false positive findings thats the we need to check all the finding is true or not moreover its a great tool for web application assessment. Review collected by and hosted on G2.com.

Jay P.

Cyber Security Intern

Small-Business (50 or fewer emp.)

8/18/2023

"OWasp Zap Proxy for web penetrations testing"

5/5

What do you like best about ZAP by Checkmarx?

Owasp zap proxy is the best recon and penetration testing tool which contains the all things from manual testing to auatomation testing . for me specialy automatic testing is the best testing with ajax spider and active scanning perform the all vulnerability test which is really good. Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

sometimes in automation testing it give false positive but to avoid that thing we have to configure all scanning and moreover install some scripts to reduce it. but overall this tool is all in one Review collected by and hosted on G2.com.

Gopi K.

SDE-3

Hospital & Health Care

Small-Business (50 or fewer emp.)

1/2/2024

"ZAP is open source user friendly efficient pentesting tool."

3.5/5

What do you like best about ZAP by Checkmarx?

1. It is open source

2. Customizable dashboards and user friendly interface

3. Active and Passive automated Scanning provided along with proxy interception support.

4. easy integration with CI/CD piplelines Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

1. It is resource intensive and takes considerable amount of time for big applications

2. Issue with False positives leading to need of manual intervention many times Review collected by and hosted on G2.com.

Muhammad M.

Penetration Tester

Small-Business (50 or fewer emp.)

11/7/2023

"A free web scanner with amazing futures"

4.5/5

What do you like best about ZAP by Checkmarx?

OWASP zap is world best web app security scanner, and it is open source, and also it's powered by OWASP, the best thing is it's free Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

Almost is really good but Some time its gives false positive Review collected by and hosted on G2.com.

Ashwin H.

Cloud Associate - QA

Information Technology and Services

Enterprise (> 1000 emp.)

12/28/2023

"Good product for security testing"

4.5/5

What do you like best about ZAP by Checkmarx?

It is easy to use and there are different types of attacks present which can be done in easier way Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

Until now the product is good so no negative remark Review collected by and hosted on G2.com.

Verified User in Computer Software

Enterprise (> 1000 emp.)

11/7/2023

"Recommend for security scans"

5/5

What do you like best about ZAP by Checkmarx?

Support for Active, Passive and Fuzzy scans via Desktop app as well as it can be used via API bindings which can be further integrated in pipelines and can be scheduled as required Review collected by and hosted on G2.com.

What do you dislike about ZAP by Checkmarx?

For using OWASP ZAP little more crisp documentation is required though we will get best community support.

Application can be used by beginer but for getting expertise we need some more documentation. Review collected by and hosted on G2.com.

What problems is ZAP by Checkmarx solving and how is that benefiting you?

As we had integrated OWASP ZAP in pipeline so it's was not a specific task for someone to look into but the security issues were captured in notime, when the code is pushed and deployed on environment it was triggering these active, passive and fuzzy scans and the issues were reported way early. Review collected by and hosted on G2.com.