We changed our name from IT Central Station: Here's why

Acunetix by Invicti vs OWASP Zap comparison

You must select at least 2 products to compare!
Acunetix by Invicti Logo
8,817 views|6,230 comparisons
OWASP Zap Logo
31,876 views|21,072 comparisons
Featured Review
Find out what your peers are saying about Acunetix by Invicti vs. OWASP Zap and other solutions. Updated: January 2022.
564,643 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have.""It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have.""Picks up weaknesses in our app setups.""There is a lot of documentation on their website which makes setting it up and using it quite simple.""For us, the most valuable aspect of the solution is the log-sequence feature.""Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden.""I haven't seen reporting of that level in any other tool.""Overall, it's a very good tool and a very good engine."

More Acunetix by Invicti Pros →

"Simple to use, good user interface.""The solution is scalable.""Automatic updates and pull request analysis.""It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).""They offer free access to some other tools.""Automatic scanning is a valuable feature and very easy to use.""The stability of the solution is very good.""The solution is good at reporting the vulnerabilities of the application."

More OWASP Zap Pros →

"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified.""We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic.""The pricing is a bit on the higher side.""When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic.""While we do have it integrated with other solutions, it could still offer more integrations.""The solution limits the number of scans. It would be much better if we could have unlimited scans.""The vulnerability identification speed should be improved.""I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."

More Acunetix by Invicti Cons →

"Reporting format has no output, is cluttered and very long.""The documentation needs to be improved because I had to learn everything from watching YouTube videos.""It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful.""Too many false positives; test reports could be improved.""The forced browse has been incorporated into the program and it is resource-intensive.""The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed.""Zap could improve by providing better reports for security and recommendations for the vulnerabilities.""It would be a great improvement if they could include a marketplace to add extra features to the tool."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."
  • "The pricing is a little high, and moreover, it's kind of domain-based."
  • "When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."
  • "Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."
  • More Acunetix by Invicti Pricing and Cost Advice →

  • "This is an open-source solution and can be used free of charge."
  • "This solution is open source and free."
  • More OWASP Zap Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    564,643 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: 
    There is a lot of documentation on their website which makes setting it up and using it quite simple.
    Top Answer: 
    We do pay extra for technical support, however, it's 24/7 support which means we always have access to them if we need them. The pricing is on the higher side. That could be okay for certain… more »
    Top Answer: 
    Normally, the product asks for the URL address before scanning a certain application. Acunetix is immediately used for web application scanning purposes for vulnerability assessment. However, it… more »
    Top Answer: 
    OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer: 
    It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).
    Average Words per Review
    Average Words per Review
    Also Known As
    Learn More

    Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

    Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.

    Learn more about Acunetix by Invicti
    Learn more about OWASP Zap
    Sample Customers
    Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
    Information Not Available
    Top Industries
    Financial Services Firm42%
    Comms Service Provider17%
    Media Company8%
    Insurance Company8%
    Computer Software Company34%
    Comms Service Provider20%
    Financial Services Firm6%
    Computer Software Company27%
    Financial Services Firm18%
    Manufacturing Company9%
    Computer Software Company30%
    Comms Service Provider25%
    Financial Services Firm5%
    Company Size
    Small Business39%
    Midsize Enterprise17%
    Large Enterprise44%
    Small Business20%
    Midsize Enterprise15%
    Large Enterprise65%
    Small Business18%
    Midsize Enterprise32%
    Large Enterprise50%
    Small Business14%
    Midsize Enterprise16%
    Large Enterprise71%
    Find out what your peers are saying about Acunetix by Invicti vs. OWASP Zap and other solutions. Updated: January 2022.
    564,643 professionals have used our research since 2012.

    Acunetix by Invicti is ranked 8th in Application Security Testing (AST) with 10 reviews while OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews. Acunetix by Invicti is rated 7.2, while OWASP Zap is rated 7.0. The top reviewer of Acunetix by Invicti writes "We are getting notably fewer false positives than previously, but reporting output needs to be simplified". On the other hand, the top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". Acunetix by Invicti is most compared with PortSwigger Burp Suite Professional, Veracode, Fortify WebInspect, HCL AppScan and Tenable.io Web Application Scanning, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Qualys Web Application Scanning, Fortify WebInspect and Netsparker by Invicti. See our Acunetix by Invicti vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.