We performed a comparison between Qualys Web Application Scanning and Rapid7 InsightAppSec based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"The vulnerability management feature is a strong one. And also the patch management feature."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"The most valuable feature of this solution is the graphical interface."
"We have seen measurable decrease in the mean time to respond to threats by 20 percent."
"The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application."
"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."
"It is a very robust solution."
"It is very convenient to get reports from the tool, which offers high-level environmental statistics."
"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."
"The solution is stable."
"There should be better visibility into the application."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The product's pricing could be better."
"The virus code updates are not frequent enough."
"The product should allow users to upload their payloads."
"Deployment can be complicated."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"There should be better visibility into the application."
"The number of web applications we can scan is limited."
"Rapid7 InsightAppSec needs improvement in detecting phishing pages."
"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."
"We get a lot of false positives during the tests."
"I would like more details of what the product can do."
"When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."
"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."
"We'd like to see integrations with WAF solutions."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews while Rapid7 InsightAppSec is ranked 3rd in Dynamic Application Security Testing (DAST) with 12 reviews. Qualys Web Application Scanning is rated 7.8, while Rapid7 InsightAppSec is rated 8.6. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of Rapid7 InsightAppSec writes "A highly scalable and robust product that enables users to automate scans". Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect, whereas Rapid7 InsightAppSec is most compared with Rapid7 AppSpider, OWASP Zap, PortSwigger Burp Suite Professional, Fortify WebInspect and Checkmarx One. See our Qualys Web Application Scanning vs. Rapid7 InsightAppSec report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.