We performed a comparison between OWASP Zap and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Simple to use, good user interface."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The stability of the solution is very good."
"The API is exceptional."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"The most valuable feature is scanning the URL to drill down all the different sites."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The application scanning feature is the most valuable feature."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"It is a cloud-based solution, so it is easy to scale."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"The product reporting could be improved."
"The technical support team must be proactive."
"It doesn't run on absolutely every operating system."
"There's very little documentation that comes with OWASP Zap."
"Deployment is somewhat complicated."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"Sometimes, we get some false positives."
"There should be better visibility into the application."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The reporting contains too many false positives."
"The product should allow users to upload their payloads."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The solution needs to adjust its pricing. They should make it more affordable."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"There could be better management and faster scanning."
More Qualys Web Application Scanning Pricing and Cost Advice →
OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews while Qualys Web Application Scanning is ranked 14th in Application Security Testing (AST) with 31 reviews. OWASP Zap is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Veracode and Checkmarx One, whereas Qualys Web Application Scanning is most compared with Veracode, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning. See our OWASP Zap vs. Qualys Web Application Scanning report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.