We performed a comparison between OWASP Zap and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The API is exceptional."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"You can run it against multiple targets."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"Simple to use, good user interface."
"It updates repositories and libraries quickly."
"The solution has tightened our security."
"They offer free access to some other tools."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The interface is user-friendly and easy to understand."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"This product is designed for easy scalability and can easily scale up without major challenges."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"It would be nice to have a solid SQL injection engine built into Zap."
"The product reporting could be improved."
"The product should allow users to customize the report based on their needs."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"There are too many false positives."
"The documentation is lacking and out-of-date, it really needs more love."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"The product's pricing could be better."
"The reporting contains too many false positives."
"There should be better visibility into the application."
"The software’s pricing could be improved."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"It should have better automatic reporting."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews, while Qualys Web Application Scanning is ranked 14th in Static Application Security Testing (SAST) with 31 reviews. OWASP Zap is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Veracode and Checkmarx One, whereas Qualys Web Application Scanning is most compared with Veracode, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.