We performed a comparison between Acunetix and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"This product is designed for easy scalability and can easily scale up without major challenges."
"The vulnerability management feature is a strong one. And also the patch management feature."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"While we do have it integrated with other solutions, it could still offer more integrations."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"Currently only supports web scanning."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"There are some versions of the solution that are not as stable as others."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"The pricing is a bit on the higher side."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"In certain cases, this product does have false positives, which the company should work on."
"Deployment can be complicated."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"The product should allow users to upload their payloads."
"There should be better visibility into the application."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
More Qualys Web Application Scanning Pricing and Cost Advice →
Acunetix is ranked 17th in Application Security Tools with 26 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Acunetix is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Rapid7 Metasploit, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Snyk. See our Acunetix vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.