We performed a comparison between Checkmarx One and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The user interface is excellent. It's very user friendly."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"It shows in-depth code of where actual vulnerabilities are."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"Less false positive errors as compared to any other solution."
"We use the solution to validate the source code and do SAST and security analysis."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"This product is designed for easy scalability and can easily scale up without major challenges."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"The solution's user interface could be improved because it seems outdated."
"I would like to see the tool’s pricing improved."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"The integration could improve by including, for example, DevSecOps."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"We can run only one project at a time."
"The software’s pricing could be improved."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The product should allow users to upload their payloads."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"Deployment can be complicated."
"The support could be faster."
"The pricing does not seem to be competitive."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
More Qualys Web Application Scanning Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Checkmarx One is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Snyk. See our Checkmarx One vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.