We performed a comparison between OWASP Zap and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Simple and easy to learn and master."
"We use the solution for security testing."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"It has evolved over the years and recently in the last year they have added HUD (Heads Up Display)."
"The ZAP scan and code crawler are valuable features."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The solution is scalable."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"It is a cloud-based solution, so it is easy to scale."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"It is a very stable solution."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"Deployment is somewhat complicated."
"Too many false positives; test reports could be improved."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implemented, but I think that would really help."
"There's very little documentation that comes with OWASP Zap."
"There are too many false positives."
"I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers."
"The technical support team must be proactive."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The support could be faster."
"The product should allow users to upload their payloads."
"There should be better visibility into the application."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The product's pricing could be better."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews while Qualys Web Application Scanning is ranked 14th in Static Application Security Testing (SAST) with 31 reviews. OWASP Zap is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Veracode and Checkmarx One, whereas Qualys Web Application Scanning is most compared with Veracode, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.