We performed a comparison between Klocwork and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely."
"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python."
"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"The ability to create custom checkers is a plus."
"One can increase the number of vendors, so the solution is scalable."
"Technical support is quite good."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"The product prevents possible vulnerabilities in our network."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"We'd like to see integration with Agile DevOps and Agile methodologies."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"Klocwork has to improve its features to stay ahead of other free solutions."
"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."
"I believe it should support more languages, such as Python and JavaScript."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"The virus code updates are not frequent enough."
"The product's pricing could be better."
"In certain cases, this product does have false positives, which the company should work on."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"They should try to include business logic vulnerabilities in the scanner testing."
More Qualys Web Application Scanning Pricing and Cost Advice →
Klocwork is ranked 15th in Application Security Tools with 20 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Klocwork is rated 8.2, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, Checkmarx One and CodeSonar, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Klocwork vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.