We performed a comparison between Qualys Web Application Scanning and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It works with many different products."
"It is a good product for website penetration testing to detect vulnerabilities."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"It is a cloud-based solution, so it is easy to scale."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"It has given our management a view into issues with all of our product lines. We have three products and all of them were scanned. As a result, the project lead for each product has taken measures to improve things."
"It gives me an idea about the most important vulnerabilities and fast remediation tips."
"The innovative features offered by Veracode are excellent."
"Developer Sandboxes help move scanning earlier within the SDLC."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"The most valuable feature of Veracode Static Analysis is the scanning."
"It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security."
"Our development team use this solution for static code analysis and pen testing."
"The reporting contains too many false positives."
"The virus code updates are not frequent enough."
"The support could be faster."
"There should be better visibility into the application."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"They should try to include business logic vulnerabilities in the scanner testing."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"There should be better visibility into the application."
"I would like to see improvement on the analytics side, and in integrations with different tools. Also, the dynamic scanning takes time."
"It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help."
"The security labs integration has room for improvement."
"I think for us the biggest improvement would be to have an indicator when there's something wrong with a scan."
"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."
"Improve Mobile Application Dynamic Scanning DAST - .ipa and .apk"
"A high number of false positives are reported and this should be reduced."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Qualys Web Application Scanning is rated 7.8, while Veracode is rated 8.2. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Acunetix. See our Qualys Web Application Scanning vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.