---
title: ZAP by Checkmarx Reviews
meta_title: 'ZAP by Checkmarx Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 14 reviews by the users' company size, role or industry to
  find out how ZAP by Checkmarx works for a business like yours.
aggregate_rating:
  rating_value: 4.7
  review_count: 14
  scale: '5'
date_modified: '2026-07-07'
parent_category:
  name: "DevSecOps\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t"
  url: https://www.g2.com/categories/devsecops
---

# ZAP by Checkmarx Reviews
**Vendor:** Checkmarx  
**Category:** [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)  
**Average Rating:** 4.7/5.0  
**Total Reviews:** 14
## About ZAP by Checkmarx
ZAP by Checkmarx, formerly known as Zed Attack Proxy , is a leading open-source web application security scanner designed to help developers, testers, and security professionals identify vulnerabilities in web applications. Actively maintained by a global community, ZAP offers both automated and manual testing capabilities, making it suitable for users with varying levels of security expertise. Key Features and Functionality: - Automated Security Scanning: ZAP provides simple, single-click automated scanning, enabling users to identify security flaws with ease. - Active and Passive Scanning: Utilizes both passive and active scanning techniques to uncover a wide range of security vulnerabilities. - Advanced User Controls: Offers tools like manual interception, fuzzing, and forced browsing for thorough penetration testing. - CI/CD Integration: Seamlessly integrates with Continuous Integration/Continuous Deployment pipelines, automating security testing within development workflows. - Cross-Platform Support: Compatible with Linux, Windows, and macOS operating systems. Primary Value and Problem Solved: ZAP by Checkmarx addresses the critical need for accessible and effective web application security testing. By offering a free, open-source solution with both automated and manual testing capabilities, ZAP empowers organizations to identify and remediate vulnerabilities early in the development lifecycle. Its integration with CI/CD pipelines ensures that security becomes an integral part of the development process, reducing the risk of security breaches and enhancing overall application security.



## ZAP by Checkmarx Pros & Cons
**What users like:**

- Users value the **easy integration** with CICD tools, enhancing automation and simplifying their workflows significantly. (3 reviews)
- Users find the **ease of use** in ZAP by Checkmarx enhances their pentesting efficiency significantly. (3 reviews)
- Users value the **customizability** of ZAP, allowing tailored configurations to meet specific testing needs effectively. (2 reviews)
- Users value the **easy integration with CI/CD pipelines** , enhancing their workflow efficiency and automation capabilities. (2 reviews)
- Users love the **user-friendly interface** and customizable dashboards, making the tool easy for anyone to use. (2 reviews)
- Affordable (1 reviews)
- Users praise ZAP&#39;s **exceptional automated testing features** , highlighting its effectiveness in vulnerability assessments and integrations. (1 reviews)
- Users appreciate the **advanced automation features** of ZAP, making web application security scanning efficient and user-friendly. (1 reviews)
- Clear Interface (1 reviews)
- Dashboard Usability (1 reviews)

**What users dislike:**

- Users experience **false positives** that require manual verification, impacting efficiency during assessments with ZAP by Checkmarx. (3 reviews)
- Users find the **poor documentation** inadequate for troubleshooting errors, leading to frustrating experiences with ZAP. (2 reviews)
- Users find ZAP by Checkmarx to have **limited automated tasks** , lacking the extensive features of other web pen testing apps. (1 reviews)
- Users face **navigation problems** due to insufficient documentation and support, complicating their overall experience with ZAP. (1 reviews)
- Users express frustration over the **lack of documentation and support** for ZAP by Checkmarx, impacting their experience. (1 reviews)
- Slow Performance (1 reviews)

## ZAP by Checkmarx Reviews
  ### 1. Open-Source Powerhouse with Room for UI Improvement

**Rating:** 4.0/5.0 stars

**Reviewed by:** AJAYRAJ T. | Freelance Software Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** May 08, 2026

**What do you like best about ZAP by Checkmarx?**

I find the automated scans in ZAP by Checkmarx help me save time and offer valuable reports and suggestions. I like that the reports come in different formats, which is really convenient. Also, I appreciate that it's open-sourced, which adds to its flexibility. Plus, the initial setup was very easy.

**What do you dislike about ZAP by Checkmarx?**

The interface is too old styled. If the interface is changed to more user-friendly or a customizable interface, it would be great.

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

I use ZAP by Checkmarx for automated scans, saving time with its reports and suggestions.

  ### 2. A tool I use just for Web/API Security Automation

**Rating:** 1.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 27, 2025

**What do you like best about ZAP by Checkmarx?**

The detection mechanisms developed for ZAP are quite effective. It's easy to initiate an active scan or start crawling, and the built-in integration with Firefox is convenient. However, I find the user interface to be cluttered, so I primarily use it only for Active scans.

**What do you dislike about ZAP by Checkmarx?**

THe UI can surely be made clearer similar to burp, and it would just outstand burp in a blink of an eye. Specially the request response windows are too narrow and tools and settings are just plain dropdown lists which is not so great to be navigating through.

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

Active scans mostly I'd say is the probably only best feature and sole reason I have ZAP installed. **If** improved it can raise the bar for every other tool out there.

  ### 3. the best web application security scanner

**Rating:** 5.0/5.0 stars

**Reviewed by:** Abhinav N. | Cyber Security Analyst, Computer & Network Security, Small-Business (50 or fewer emp.)

**Reviewed Date:** December 29, 2024

**What do you like best about ZAP by Checkmarx?**

Zap is one of the best web application security scanner ithink it has more features than burpsuite. ZAP has more automated scan features and the spider fuzz and ajax spider they are really amazing . i like recommend using ZAP for automated scans.

**What do you dislike about ZAP by Checkmarx?**

ZAP does not have a browser . like burpsuite zap needs to implement that

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

ZAP helps me to scan and find vulnerabilities in webapplications

  ### 4. Best Free web app penetration testing App

**Rating:** 4.5/5.0 stars

**Reviewed by:** VishNu C. | Digital Marketing Executive, Small-Business (50 or fewer emp.)

**Reviewed Date:** November 08, 2023

**What do you like best about ZAP by Checkmarx?**

The owasp zap can be even use in windows and we don't need any Linux OS also it is very easy to use and it's free of cost.We can also customise zap according to our testing need switch certain scripts.

**What do you dislike about ZAP by Checkmarx?**

Owasp has only some limited automated tasks and may not have new features like all other web pen testing apps

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

The active and the passive scanning in the owasp zap helps in sending payloads easily and monitor traffic By adding several extension and plugins in zap we can improve our penetration testing standards as so much advanced scripted extensions are available easily and we can try that in real time pentesting.We can export our reports easily and share with clients in various formats.

  ### 5. Best tool for scanning Website

**Rating:** 5.0/5.0 stars

**Reviewed by:** Mohammed N. | Penetration Tester, Small-Business (50 or fewer emp.)

**Reviewed Date:** November 08, 2023

**What do you like best about ZAP by Checkmarx?**

As a seurity reasercher this tool has help me to scan the website.ones the scan is completed you can generate the report.the automated scan feture is really good,if your a begginner you don't have much knowledge in security scan you can try this tool.very user  friendly and easy to understand all the fetures.
very easy to install.more you use  you will be masterthe tool.

**What do you dislike about ZAP by Checkmarx?**

This tool give some false positive findings thats the we need to check all the finding is true or not moreover its a great tool for web application assessment.

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

Report generate- simplyfy your report making.
Automated scan- Manual testing will be easy

  ### 6. OWasp Zap Proxy for web penetrations testing

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jay P. | Cyber Security Intern, Small-Business (50 or fewer emp.)

**Reviewed Date:** August 18, 2023

**What do you like best about ZAP by Checkmarx?**

Owasp zap proxy is the best recon and penetration testing tool which contains the all things from manual testing to auatomation testing . for me specialy automatic testing is the best testing with ajax spider and active scanning perform the all vulnerability test which is really good.

**What do you dislike about ZAP by Checkmarx?**

sometimes in automation testing it give false positive but to avoid that thing we have to configure all scanning and moreover install some scripts to reduce it. but overall this tool is all in one

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

it is finding the vulnerability in website with powerfull accuracy and also its ajax crwler which is the best powerfull crawler. it is also performing 2 types of scans for me one is active scan and 2nd is passive scan which is very good.

  ### 7. ZAP is open source user friendly efficient pentesting tool.

**Rating:** 3.5/5.0 stars

**Reviewed by:** Gopi  K. | SDE-3, Hospital & Health Care, Small-Business (50 or fewer emp.)

**Reviewed Date:** January 02, 2024

**What do you like best about ZAP by Checkmarx?**

1. It is open source
2. Customizable dashboards and user friendly interface
3. Active and Passive automated Scanning provided along with proxy interception support.
4. easy integration with CI/CD piplelines

**What do you dislike about ZAP by Checkmarx?**

1. It is resource intensive and takes considerable amount of time for big applications
2.  Issue with False positives leading to need of manual intervention many times

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

1. Vulnerability Testing and Penetration testing to address these security vulnerabilities before deployments
2. Cost effiecient(open-source) solution to help with security enhancemnets in my applications
3. Pentesting integration woith CI/CD pipelines.

  ### 8. A free web scanner with amazing futures

**Rating:** 4.5/5.0 stars

**Reviewed by:** Muhammad M. |  Penetration Tester, Small-Business (50 or fewer emp.)

**Reviewed Date:** November 07, 2023

**What do you like best about ZAP by Checkmarx?**

OWASP zap is world best web app security scanner, and it is open source, and also it's powered by OWASP, the best thing is it's free

**What do you dislike about ZAP by Checkmarx?**

Almost is really good but Some time its gives false positive

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

As Penetration tester its took some time for vulnerability assessment on web OWASP ZAP is a real solution for that , it will do the vulnerability assessment part for us we only need to the validation and exploitation

  ### 9. Good product for security testing

**Rating:** 4.5/5.0 stars

**Reviewed by:** Ashwin  H. | Cloud Associate - QA, Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** December 28, 2023

**What do you like best about ZAP by Checkmarx?**

It is easy to use and there are different types of attacks present which can be done in easier way

**What do you dislike about ZAP by Checkmarx?**

Until now the product is good so no negative remark

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

Security testing and penetration testing

  ### 10. Recommend for security scans

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** November 07, 2023

**What do you like best about ZAP by Checkmarx?**

Support for Active, Passive and Fuzzy scans via Desktop app as well as it can be used via API bindings which can be further integrated in pipelines and can be scheduled as required

**What do you dislike about ZAP by Checkmarx?**

For using OWASP ZAP little more crisp documentation is required though we will get best community support. 
Application can be used by beginer but for getting expertise we need some more documentation.

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

As we had integrated OWASP ZAP in pipeline so it's was not a specific task for someone to look into but the security issues were captured in notime, when the code is pushed and deployed on environment it was triggering these active, passive and fuzzy scans and the issues were reported way early.

  ### 11. ZAP integration in CICD process for SecOps

**Rating:** 4.5/5.0 stars

**Reviewed by:** Vijudev V. | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 29, 2023

**What do you like best about ZAP by Checkmarx?**

Easy to integrate with the CICD tools like Jenkins, Number of features  like different scan methods

**What do you dislike about ZAP by Checkmarx?**

about the documentation available in the websites

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

Used in Jenkins pipeline for the penetration testing of websites using OWASP ZAP

  ### 12. One of the Best Vulnerability Assessment Tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Chevuru N. | Penetration Tester, Computer & Network Security, Small-Business (50 or fewer emp.)

**Reviewed Date:** June 26, 2023

**What do you like best about ZAP by Checkmarx?**

A Great Vulnerability Assessment Tool  Easy to Use, Anyone can understand the user interface. It makes pentester work easier.

**What do you dislike about ZAP by Checkmarx?**

Everything is good in Zed Attack Proxy. Only one request to OWASP ZAP team needs to add  web requests and response images in PDF report.

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

Easy to perform Vulnerability Assessment and Penetration Testing. It saves Security auditors time and money. It allows to perform Passive and Active scaning to find vulnerabilities and more.

  ### 13. Great solution to monitor website security

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** November 13, 2023

**What do you like best about ZAP by Checkmarx?**

It is easy to use and integrate it any solution with automation.

**What do you dislike about ZAP by Checkmarx?**

Not much documentation or support present

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

It helps to detect any vulnerability in the website. Along with recommendations to resolve those issues.

  ### 14. Great tool to monitor and detect security issues in a website.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Small-Business (50 or fewer emp.)

**Reviewed Date:** November 07, 2023

**What do you like best about ZAP by Checkmarx?**

The tool can be automated and intgerated easily.

**What do you dislike about ZAP by Checkmarx?**

Not much documentation in case of any error.

**What problems is ZAP by Checkmarx solving and how is that benefiting you?**

It helps to detect any top 10 owasp vulnerabilities present in a website and also provide remediation for the same.



- [View ZAP by Checkmarx pricing details and edition comparison](https://www.g2.com/products/zap-by-checkmarx/reviews?section=pricing&secure%5Bexpires_at%5D=2026-07-07+16%3A40%3A44+-0500&secure%5Bsession_id%5D=e650d150-af69-4303-b34e-1fbc28b9a9f0&secure%5Btoken%5D=66a2cf7a18bc06d82718ee52dd77c8fa73df71f0422cdcad8e97df08a685d804&format=llm_user)

## ZAP by Checkmarx Features
**Administration**
- API / Integrations
- Extensibility
- Reporting and Analytics

**Administration**
- API / Integrations
- Extensibility

**Analysis**
- Issue Tracking
- Reconnaissance
- Vulnerability Scan

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Vulnerability Scan
- Code Analysis

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Performance and Reliability

**Testing**
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

## Top ZAP by Checkmarx Alternatives
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (881 reviews)
  - [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) - 4.5/5.0 (289 reviews)
  - [Harness Platform](https://www.g2.com/products/harness-platform/reviews) - 4.6/5.0 (300 reviews)

