Qualys Web Application Scanning Review

It reports fewer false positives than other tools. The tool should have a live HTTP editor and more mature APIs.


What is most valuable?

There is nothing out of the box in the Qualys web application scanning module. One good thing is that it reports fewer false positives.

How has it helped my organization?

We use many other products along with Qualys. In a way, Qualys dashboards are good to keep track of vulnerabilities found asset-wise.

What needs improvement?

The tool should have a live HTTP editor and more configuration options for some situations, such as handling applications that have URL rewriting enabled.

The tool should have more mature APIs for integration and automation. They should provide more flexible APIs to download reports.

For how long have I used the solution?

I have been using it for almost four years now.

What do I think about the stability of the solution?

Qualys is good, stability-wise.

What do I think about the scalability of the solution?

Qualys is perfect, scalability-wise.

How are customer service and technical support?

On a scale of 1-5 with 5 being the highest, I would rate technical support at 3.

Which solution did I use previously and why did I switch?

I have used Nessus, Burp Suite, and IBM AppScan. Cost- and functionality-wise, I find Burp Suite the best of them all. AppScan is good, but very expensive and reports more false positives.

How was the initial setup?

Setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

Licensing could be cheaper. It is expensive at present.

What other advice do I have?

Qualys is only a good product for in-house vulnerability management programs. It is not feasible to use Qualys for client-facing consulting engagements because of the cost.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about Qualys, Veracode, Acunetix and others in Application Security. Updated: January 2021.