We performed a comparison between Qualys Web Application Scanning and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"It works with many different products."
"It is a cloud-based solution, so it is easy to scale."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"The interface is user-friendly and easy to understand."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"It's not "one policy fits all." I really like that Veracode allows me to set up specific policies that I can apply to applications."
"Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing."
"I like Veracode's ease of integration and onboarding. You can quickly and easily get started with a new project or application. That's one area where Veracode shines relative to other tools we've evaluated. Other tools need more work or an engineer to do the setup. With Veracode, you can do the onboarding in a few steps quickly."
"The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"The most valuable feature of Veracode Static Analysis is the scanning."
"From a developer's perspective, Veracode's greenlight feature on the IDE is helpful. It helps the developer to be more proactive in secure coding standards. Apart from that, static analysis scanning is definitely one of the top features of Veracode."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"There should be better visibility into the application."
"They should try to include business logic vulnerabilities in the scanner testing."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"There could be better management and faster scanning."
"The pricing does not seem to be competitive."
"The solution needs to adjust its pricing. They should make it more affordable."
"One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I find this report?" Or "How do I do this?" They always respond with, "Here's how you do it." But that points to a somewhat non-intuitive portal."
"Sometimes, the scans halt or drop for some reason, and we need to get help from Veracode to fix it."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Qualys Web Application Scanning is rated 7.8, while Veracode is rated 8.2. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and Acunetix.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.