Qualys Web Application Scanning Review

Its web-based scanner is very useful for performing external penetration and PCI scans from remote locations


What is our primary use case?

We use Qualys Internet-based scanners for external penetration testing as well as PCI scans for our clients. The tool being Internet-based, it can be accessed from any location, and it does not have issues with updating the patches as well as versions (QualysGuard updates the tool at specific periods in a year with prior information). The report generated by QualysGuard is very detailed and easy to understand.

How has it helped my organization?

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing would take five days! 

By using QualysGuard, we are able to finish external scans with assured results in half the time.

What is most valuable?

The QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.

What needs improvement?

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The product that we used in our office under different environments is highly stable.

What do I think about the scalability of the solution?

This product is designed for easy scalability and can easily scale up without major challenges.

How is customer service and technical support?

We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues.

How was the initial setup?

It is a straightforward implementation. Once you register over the Internet, they assign you a set of static IP addresses which can be used to perform web-based scans. The administrator panel is easy to understand and create.

What's my experience with pricing, setup cost, and licensing?

It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.

Try the free trial of the product to understand the basic working mechanisms.

Which other solutions did I evaluate?

We did try Acunetix, but the quality of results and user interface of Qualys were excellent in comparison.

What other advice do I have?

We are an institutional partner of QualysGuard and buy bulk licenses. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.