• Home
  • CAST Application Intelligence Platform vs. Qualys Web Application Scanning

CAST Application Intelligence Platform vs Qualys Web Application Scanning comparison

Cancel
You must select at least 2 products to compare!
Featured Review
Vishal-Goyal
Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry
Brammadevan K
Operates as a DAST tool, examining the application from an external perspective to identify security issues
Qualys Web Application Scanning (WAS) is a DAST tool. It stands for Dynamic Application Security Testing. Unlike SAST (Static Application Security... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients.""The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out.""Used for controlling the technical debt and code quality.""CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform.""It supports most programming languages."

More CAST Application Intelligence Platform Pros →

"Its most valuable features are patch management, vulnerability management, and PCI compliance.""It is a good product for website penetration testing to detect vulnerabilities.""The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good.""It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools.""It is a cloud-based solution, so it is easy to scale.""The vulnerability management feature is a strong one. And also the patch management feature.""It works with many different products.""​This product is designed for easy scalability and can easily scale up ​without major challenges."

More Qualys Web Application Scanning Pros →

Cons
"The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code.""The integration of this solution could be improved.""Implementation could be made more simpler as it is complex.""It has very few plugins to access different code repositories, so source code has to be fed.""Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues."

More CAST Application Intelligence Platform Cons →

"The product's pricing could be better.""There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage.""When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem.""There should be better visibility into the application.""The virus code updates are not frequent enough.""The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs.""The solution needs to adjust its pricing. They should make it more affordable.""The reporting contains too many false positives."

More Qualys Web Application Scanning Cons →

Pricing and Cost Advice
  • "I do know how the CAST Application Intelligence Platform is licensed, but I'm not able to give the cost because the price is not listed. My company works with individual vendors, so pricing is on a case-to-case basis, but the vendors give specialized pricing because of the enterprise deployment, though my team is aware of product pricing based on lines of code, based on the number of applications, etc., I'm unable to give the exact licensing costs of the CAST Application Intelligence Platform. My company doesn't have to pay extra for some features or services because all are included as part of the enterprise license. On a scale of one to five, with five being very cheap and one being very expensive, I would rate the CAST Application Intelligence Platform as three out of five."

    • More CAST Application Intelligence Platform Pricing and Cost Advice →

  • "​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
  • "Try the free trial of the product to understand the basic working mechanisms.​"
  • "Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."
  • "Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band or the 3000 or 5000 band, then they will give you the quotation for it. Once you pay for it, applying the licensing is quite easy and effective."
  • "Pricing was reasonable and competitive. It was not too far above the other products."
  • "The product is expensive, at least initially, in comparison to other products in this category."
  • "There are different options available with respect to licensing."
  • "The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."

    • More Qualys Web Application Scanning Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Development Analytics solutions are best for your needs.
    See Recommendations
    768,246 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about CAST Application Intelligence Platform?
    Top Answer:The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some… more »
    Read all 2 answers   →
    What needs improvement with CAST Application Intelligence Platform?
    Top Answer:The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the… more »
    Read all 2 answers   →
    What is your primary use case for CAST Application Intelligence Platform?
    Top Answer:We use CAST Application Intelligence Platform for multiple purposes. One of its use cases is understanding the code health in terms of scalability, reliability, efficiency, and performance. These are… more »
    Read all 2 answers   →
    What do you like most about Qualys Web Application Scanning?
    Top Answer:The vulnerability management feature is a strong one. And also the patch management feature.
    Read all 19 answers   →
    What is your experience regarding pricing and costs for Qualys Web Applic...
    Top Answer:From my perspective, it is a budget-friendly option. Qualys offers good value for the features and protection it provides. The pricing seems reasonable, considering the comprehensive security… more »
    Read all 15 answers   →
    What needs improvement with Qualys Web Application Scanning?
    Top Answer:One area for improvement is the application scan interface. Although recent updates have introduced some features, there's a gap in supporting standards beyond OWASP. Currently, there isn't an option… more »
    Read all 18 answers   →
    Ranking
    3rd
    out of 10 in Software Development Analytics
    Views
    1,011
    Comparisons
    682
    Reviews
    2
    Average Words per Review
    753
    Rating
    8.0
    19th
    out of 74 in Application Security Tools
    Views
    4,724
    Comparisons
    3,631
    Reviews
    8
    Average Words per Review
    369
    Rating
    8.1
    Comparisons
    Also Known As
    CAST AIP
    Qualys WAS
    Learn More
    CAST
    Qualys
    Overview

    CAST Application Intelligence Platform (AIP), a result of over $130M in R&D investment over two decades, is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.

    • Application Analytics Dashboard (CAST AAD): Provides IT executives with accurate business relevant analytics to drive their organization
    • Application Engineering Dashboard (CAST AED): Provides engineering and QA teams with powerful code and system level structural flaw insight and remediation guidance
    • Enlighten: Delivers to developers a powerful deep understanding of their application’s structure
    • Architecture Checker: Gives architects a reliable, automated solution to enforce architectures that deliver stability and performance of their critical applications

    CAST’s underlying system-level analysis technology assesses both the health of an application, as measured through numerous health factors, as well as specific structural and system-level defects that drive performance and stability issues providing true system level analysis.

    Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

    Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

    Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

    • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

    • DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.

    • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

    • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.


    Benefits of Qualys Web Application Scanning

    Qualys Web Application Scanning offers many benefits, including:

    • Quick Deployment: Requires no infrastructure or software to upkeep.

    • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

    • Centralized Management: Manage and mend all web app vulnerabilities through a single interface.

    • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.

    • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

    • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

    Reviews from Real Users

    Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

    P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

    Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

    Sample Customers
    Steria, T-Systems MMS, Atos Origin, Accenture, Capgemini
    BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm25%
    Computer Software Company16%
    Manufacturing Company13%
    Insurance Company9%
    REVIEWERS
    Financial Services Firm36%
    Computer Software Company14%
    Educational Organization14%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm15%
    Manufacturing Company9%
    Government7%
    Company Size
    VISITORS READING REVIEWS
    Small Business12%
    Midsize Enterprise13%
    Large Enterprise76%
    REVIEWERS
    Small Business19%
    Midsize Enterprise16%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%

    CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. CAST Application Intelligence Platform is rated 7.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". CAST Application Intelligence Platform is most compared with SonarQube, Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect.

    We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.