We performed a comparison between OWASP Zap and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has tightened our security."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The scalability of this product is very good."
"The application scanning feature is the most valuable feature."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"The product discovers more vulnerabilities compared to other tools."
"You can run it against multiple targets."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"It is easy to use."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"There's very little documentation that comes with OWASP Zap."
"There are too many false positives."
"It doesn't run on absolutely every operating system."
"It would be nice to have a solid SQL injection engine built into Zap."
"Sometimes, we get some false positives."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"The forced browse has been incorporated into the program and it is resource-intensive."
"It should have better automatic reporting."
"The support could be faster."
"The virus code updates are not frequent enough."
"The reporting contains too many false positives."
"Deployment can be complicated."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"There could be better management and faster scanning."
"They should try to include business logic vulnerabilities in the scanner testing."
More Qualys Web Application Scanning Pricing and Cost Advice →
OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews while Qualys Web Application Scanning is ranked 14th in Application Security Testing (AST) with 31 reviews. OWASP Zap is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Veracode and Checkmarx One, whereas Qualys Web Application Scanning is most compared with Veracode, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning. See our OWASP Zap vs. Qualys Web Application Scanning report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.