We performed a comparison between Klocwork and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
"We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"The ability to create custom checkers is a plus."
"One can increase the number of vendors, so the solution is scalable."
"Technical support is quite good."
"It is a cloud-based solution, so it is easy to scale."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"It is a very stable solution."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."
"Klocwork has to improve its features to stay ahead of other free solutions."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"We'd like to see integration with Agile DevOps and Agile methodologies."
"There could be better management and faster scanning."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The product should allow users to upload their payloads."
"The support could be faster."
"It should have better automatic reporting."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"They should try to include business logic vulnerabilities in the scanner testing."
"The pricing does not seem to be competitive."
More Qualys Web Application Scanning Pricing and Cost Advice →
Klocwork is ranked 15th in Application Security Tools with 20 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Klocwork is rated 8.2, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, Checkmarx One and CodeSonar, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Klocwork vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.