We performed a comparison between Qualys Web Application Scanning and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"It is a cloud-based solution, so it is easy to scale."
"It works with many different products."
"It is a good product for website penetration testing to detect vulnerabilities."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"This product is designed for easy scalability and can easily scale up without major challenges."
"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."
"One thing that I like about Veracode is that it is quite a good tool for dynamic application testing."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used."
"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"The security team can track the remediation and risk acceptance statistics."
"The installation was straightforward."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"There should be better visibility into the application."
"There could be better management and faster scanning."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"Deployment can be complicated."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The virus code updates are not frequent enough."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"One concern is that scans take a long time to run. We scan at the end of the day because we know it will take a lot of time. We leave it to run and the report will be generated by the next day when we arrive. The scanning time could be reduced."
"They should improve on the static scanning time."
"There might be room for improvement in the in-app guidance and the tips and tricks for the developer about how to progress. We would like more insight into the development environment, where they would get guidance on how to avoid flaws."
"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."
"The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted."
"Veracode scans provide a higher number of false positives."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"While Veracode is way ahead of its competitors on Gartner Magic Quadrant, it's a bit more expensive than Fortify. It's a good solution for the cost, but if we had a high budget, we would go with Checkmarx, which is much better than Veracode."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Qualys Web Application Scanning is rated 7.8, while Veracode is rated 8.2. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Acunetix. See our Qualys Web Application Scanning vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.