We performed a comparison between OWASP Zap and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It updates repositories and libraries quickly."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"They offer free access to some other tools."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"It's great that we can use it with Portswigger Burp."
"The solution has tightened our security."
"The application scanning feature is the most valuable feature."
"The solution is scalable."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"The product prevents possible vulnerabilities in our network."
"This product is designed for easy scalability and can easily scale up without major challenges."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The interface is user-friendly and easy to understand."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"It is a cloud-based solution, so it is easy to scale."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers."
"The port scanner is a little too slow."
"The solution is unable to customize reports."
"Too many false positives; test reports could be improved."
"The documentation is lacking and out-of-date, it really needs more love."
"It would be nice to have a solid SQL injection engine built into Zap."
"Deployment is somewhat complicated."
"The support could be faster."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"There should be better visibility into the application."
"There could be better management and faster scanning."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews while Qualys Web Application Scanning is ranked 14th in Static Application Security Testing (SAST) with 31 reviews. OWASP Zap is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Veracode and Checkmarx One, whereas Qualys Web Application Scanning is most compared with Veracode, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning. See our OWASP Zap vs. Qualys Web Application Scanning report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.