Qualys Web Application Scanning Review

The way results are presented makes remediation easy, but GUI is a little complex


What is our primary use case?

We have a lot of applications in our environment that we need to scan frequently. We have a lot of tutorial sites, e-learning sites, and other related websites which we have to build, maintain, and scan continuously for security purposes.

How has it helped my organization?

It definitely helps us with the remediation process as we can create different reports, whatever is required at the time. 

What is most valuable?

  • It's cloud-based so the installation is not so tedious.
  • Easily deployed.
  • Highly scalable.
  • Comprehensive reporting.

Also, you can integrate your Burp Suite results and create an integrated report. 

The way it shows the results - threats and exploit details - makes remediation very easy.

We have seen very few false positives. We found the documentation very useful, particularly the roll-out guide. While the tool is not hard to use, by dividing the documentation into sections, the company provided specific guidance on use cases that are not necessarily limited to the tool itself.

What needs improvement?

The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes. 

Also, occasionally it can't even authenticate to basic web forms.

For how long have I used the solution?

One to three years.

How is customer service and technical support?

Qualys offers one excellent support, which includes 24/7 phone and mail support, as well as access to its online user community.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email