List of OWASP ZAP Customers
Bel Air, 21014, MD,
United States
Since 2010, our global team of researchers has been studying OWASP ZAP customers around the world, aggregating massive amounts of data points that form the basis of our forecast assumptions and perhaps the rise and fall of certain vendors and their products on a quarterly basis.
Each quarter our research team identifies companies that have purchased OWASP ZAP for Application Security (AppSec) from public (Press Releases, Customer References, Testimonials, Case Studies and Success Stories) and proprietary sources, including the customer size, industry, location, implementation status, partner involvement, LOB Key Stakeholders and related IT decision-makers contact details.
Companies using OWASP ZAP for Application Security (AppSec) include: Mozilla, a United States based Communications organisation with 1756 employees and revenues of $653.0 million, Jit, a United States based Professional Services organisation with 150 employees and revenues of $30.0 million, Lombiq, a Hungary based Professional Services organisation with 18 employees and revenues of $3.0 million and many others.
Contact us if you need a completed and verified list of companies using OWASP ZAP, including the breakdown by industry (21 Verticals), Geography (Region, Country, State, City), Company Size (Revenue, Employees, Asset) and related IT Decision Makers, Key Stakeholders, business and technology executives responsible for the software purchases.
The OWASP ZAP customer wins are being incorporated in our Enterprise Applications Buyer Insight and Technographics Customer Database which has over 100 data fields that detail company usage of software systems and their digital transformation initiatives. Apps Run The World wants to become your No. 1 technographic data source!
Apply Filters For Customers
| Logo | Customer | Industry | Empl. | Revenue | Country | Vendor | Application | Category | When | SI | Insight |
|---|---|---|---|---|---|---|---|---|---|---|---|
 |
Jit | Professional Services | 150 | $30M | United States | OWASP | OWASP ZAP | Application Security (AppSec) | 2023 | n/a |
In 2023, Jit integrated OWASP ZAP into its product security orchestration platform. The OWASP ZAP deployment serves as the dynamic application security testing DAST component for Application Security (AppSec) within Jit's DevSecOps and product security orchestration. Headquartered in the United States, Jit configured ZAP to operate as an automated scanning engine across customer facing workflows.
Jit uses OWASP ZAP to deliver automated web application and API scanning as part of customer workflows. Scans are executed automatically from orchestration triggers and integrated into CI/CD pipeline stages, enabling scheduled and on demand DAST against build artifacts and deployed APIs.
The implementation architecture positions OWASP ZAP as an orchestrated scan engine invoked by the platform, feeding scan results into Jit's security workflow for vulnerability aggregation and remediation tracking. Operational scope includes AppSec and DevSecOps teams and extends to customer environments where Jit runs scans as part of managed product security orchestration.
Governance centralized scanner configuration and scan policies within the orchestration layer, standardizing trigger conditions, scan profiles, and the handoff from detection to engineering remediation. The full application name OWASP ZAP and the Apps Category Application Security (AppSec) are embedded in Jit's platform to ensure consistent DAST orchestration across CI/CD pipelines and customer workflows.
|
 |
Lombiq | Professional Services | 18 | $3M | Hungary | OWASP | OWASP ZAP | Application Security (AppSec) | 2023 | n/a |
In 2023, Lombiq integrated OWASP ZAP into its UI Testing Toolbox to run automated security scans against ASP.NET Core applications on each code change, embedding dynamic application security testing as part of developer workflows. The implementation uses OWASP ZAP as the DAST engine within Lombiqs continuous integration pipeline, aligning the deployment with the Application Security (AppSec) category and focusing scans on UI-driven test execution for web applications.
The integration configured OWASP ZAP to execute with UI test suites, enabling automated vulnerability detection and CI-based application security checks that run on developer commits. Operational scope centers on Lombiqs Budapest engineering teams in Europe, where the tool is orchestrated from the UI Testing Toolbox into the build pipeline to surface findings to developers during normal test runs, tightening security validation within the development pipeline.
|
 |
Mozilla | Communications | 1756 | $653M | United States | OWASP | OWASP ZAP | Application Security (AppSec) | 2021 | n/a |
In 2021, Mozilla implemented OWASP ZAP for Application Security (AppSec) across core Firefox services including Accounts, Add-ons, and Sync. The deployment targeted web application security verification for these services and established an organization level program operating from Mozilla's United States engineering footprint.
OWASP ZAP was configured to run daily headless baseline scans as an automated first line of detection, and the implementation incorporated both passive observation and active scanning workflows to identify common web vulnerabilities. Configuration emphasized repeatable baseline scans and scripted scanner profiles to ensure consistent coverage across service endpoints.
The OWASP ZAP implementation was integrated into Mozilla's CI/CD pipelines to enforce quality gates and block insecure deployments, creating an automated feedback loop between security scans and build progression. Operational coverage included continuous scanning during development and preproduction phases for Accounts, Add-ons, and Sync, and the program surfaced issues across many sites, with 73 affected sites reported.
Governance centered on improving vulnerability triage and adoption of web security controls, with security findings routed into Mozilla's vulnerability management workflows for prioritization and remediation. The program reinforced deployment blocking at the pipeline level and increased structured handling of web application vulnerabilities across engineering teams.
|
Buyer Intent: Companies Evaluating OWASP ZAP
Discover Software Buyers actively Evaluating Enterprise Applications
| Logo | Company | Industry | Employees | Revenue | Country | Evaluated | ||
|---|---|---|---|---|---|---|---|---|
| No data found | ||||||||