Qualys Web Application Scanning Review

We can do scanning and submit reports straight to customers when there are new vulnerabilities

What is our primary use case?

We use it for external connection testing whenever we have a customer who utilizes post scanning tools for their main message. From the scanner's perspective, we use the scanner results to do manual testing.

How has it helped my organization?

We are looking for automation in our scanning activities or projects, because manual won't work. So, automation is required for us. As a result, using the Qualys scanner result is helpful for us.

What is most valuable?

We are using scanners and the PCI model. We do PCI scanning because we are a PCI vendor. We are using the tool to do the scanning on whatever the latest vulnerabilities there are, and Qualys is always providing us updates. We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not.

What needs improvement?

In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It has been stable.

What do I think about the scalability of the solution?

It is good and scalable.

How are customer service and technical support?

Technical support is responsive.

Which solution did I use previously and why did I switch?

We were and still are using webMethods Professional. We use both in tandem to do manual testing. That is our process of doing things.

How was the initial setup?

We use the cloud instances for our setups. We have one setup, and it is on the cloud, so it is not complex. Actually, we don't have to do any set up. 

We have applications located in our different offices, and so far there set up has not been a challenge.

What's my experience with pricing, setup cost, and licensing?

Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved.

What other advice do I have?

It is a very much stable. If you have a good amount of calender-based activities, it is good for defining frequency. You can define the calendar internally, then you can do your scanning. Though, it has some triaging features which should finally be fixed. 

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Qualys Web Application Scanning reviews from users
...who work at a Financial Services Firm
...who compared it with Rapid7 AppSpider
Find out what your peers are saying about Qualys, Veracode, Acunetix and others in Application Security. Updated: June 2021.
510,204 professionals have used our research since 2012.
Add a Comment