Qualys Web Application Scanning Review

Has a good progressive scan feature but the data server needs improvement

What is our primary use case?

I think we have the fastest version, and they always upgrade it. I think it's the $2 or $3-a-month version. They have multiple engines inside it, but it's a site-based service. It is not on-demand, so Qualys will host it. It's the pay as you go service that is on the software-as-a-service. 

We use the DAST, dynamic application scan test.

What is most valuable?

The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours.

What needs improvement?

One area that could be improved is the data server. That's probably what I most noticed in comparison with Rapid7. Also, the UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs. This is not good.

Additionally, you don't have a recording feature, where you can record your screen navigation. Like a macro, you want to create the full screen, and they don't provide a tool which can record your navigation and then do a replay.

In terms of what should be included in the next release, like I mentioned, just the UI, the user interface screen. Also, it would be good if they could improve and enrich the reports. These are the fundamental differences with Rapid7.

For how long have I used the solution?

I have been using Qualys Web Application Scanning for five years.

What do I think about the stability of the solution?

Qualys Web Application Scanning is very stable and reliable. But the reporting does not look that great.

What do I think about the scalability of the solution?

In terms of scalability, it is very easy to expand. It's very fast and visible.

We don't have many people working on the solution. But our applications are big applications. We are using six components in different applications.

How are customer service and technical support?

Support is very good.

How was the initial setup?

Because of tasking, the initial setup is very straightforward. We didn't have to purchase any hardware for the installation. It is task-based. The cloud provision is there. It is good. I think nowadays everyone is going with the cloud provisioning. That way you can subscribe for any number of years to use the software. 

I think the initial setup took a couple of hours because there were no plugins and nothing to be installed.

What about the implementation team?

We implemented it ourselves and there was no installation expert here.

Which other solutions did I evaluate?

Yes, we are still comparing it with Rapid7. We want to first make assessments of what advantages we can get with Rapid7.

What other advice do I have?

My advice for anyone considering this solution is, "Go for it." 

On a scale of one to ten, I would give Qualys Web Application Scanning a seven.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.