We performed a comparison between CAST Highlight and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"It offers good performance."
"CAST Highlight is easy to use and has a good dashboard."
"The most valuable features of CAST Highlight are automation and speed."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"The ease of configuration and customization could be improved in CAST Highlight."
"There's a bit of a learning curve at the outset."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"The reporting contains too many false positives."
"There should be better visibility into the application."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"It should have better automatic reporting."
"The product's pricing could be better."
"The pricing does not seem to be competitive."
"The solution needs to adjust its pricing. They should make it more affordable."
More Qualys Web Application Scanning Pricing and Cost Advice →
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. CAST Highlight is rated 7.8, while Qualys Web Application Scanning is rated 7.8. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". CAST Highlight is most compared with SonarQube, Checkmarx One, Snyk, Veracode and Black Duck, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our CAST Highlight vs. Qualys Web Application Scanning report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.