Qualys Web Application Scanning Reviews

Filter by:Reset all filters
industry
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
rating
Filter Unavailable
Vendor
Sr. Director, Cloud Platform Engineering at a tech vendor with 1,001-5,000 employees
Jun 30 2017

What is most valuable?

We’re a Linux shop and Qualys gave us good Linux vulnerability scanning; no experience with it on MSFT products. It reports only a few glaring false-positive errors (directory ownership was a common one), and our post-processing dealt with... more»

How has it helped my organization?

The biggest benefit was integrating Qualys scanning into our CI/CD pipeline to vulnerability-scan new custom machine images or AWS) before deployment. We’d build the image, instantiate it, run Qualys against it, get the report, post-process... more»

What needs improvement?

The licensing and user permissions are a little wonky for a DevOps team to use, probably because it’s traditionally an InfoSec tool.
Consultant
Ex Senior Security Analyst and Onsite consultant at a tech services company with 501-1,000 employees
Mar 11 2018

What is most valuable?

QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.

How has it helped my organization?

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing would take five days! By using QualysGuard, we are able to finish external scans with assured... more»

What needs improvement?

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing.
Find out what your peers are saying about Qualys, Acunetix, CA Technologies and others in Application Security.
284,207 professionals have used our research since 2012.
Real User
Senior Security Systems Engineer at a software R&D company with 501-1,000 employees
Aug 31 2016

What is most valuable?

* Ease of use and setup * Visibility into our environment

How has it helped my organization?

WAS gave us visibility into our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for. We didn't need any knowledge of these vulnerabilities or how they worked to scan for... more»

What needs improvement?

The organization of the assets was a little confusing and overwhelming. The system could also use some work in pivoting from a VM scan to add the servers with web applications exposed to the WAS server. It frequently created WAS assets that... more»
Real User
Module Lead with 1,001-5,000 employees
Aug 31 2016

What is most valuable?

There is nothing out of the box in the Qualys web application scanning module. One good thing is that it reports fewer false positives.

How has it helped my organization?

We use many other products along with Qualys. In a way, Qualys dashboards are good to keep track of vulnerabilities found asset-wise.

What needs improvement?

The tool should have a live HTTP editor and more configuration options for some situations, such as handling applications that have URL rewriting enabled. The tool should have more mature APIs for integration and automation. They should... more»
Consultant
Cyber Security Consultant at a tech services company with 10,001+ employees
May 23 2018

What is most valuable?

* It's cloud-based so the installation is not so tedious. * Easily deployed. * Highly scalable. * Comprehensive reporting. Also, you can integrate your Burp Suite results and create an integrated report. The way it shows the results - threats... more»

How has it helped my organization?

It definitely helps us with the remediation process as we can create different reports, whatever is required at the time.

What needs improvement?

The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes. Also, occasionally it can't even authenticate to basic web forms.
See 1 more reviews

Articles

User Assessments By Topic About Qualys Web Application Scanning

Find out what your peers are saying about Qualys, Acunetix, CA Technologies and others in Application Security.
284,207 professionals have used our research since 2012.

Qualys Web Application Scanning Questions

Qualys Web Application Scanning Projects By Members

Qualys Web Application Scanning Consultants

What is Qualys Web Application Scanning?

Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. Proactively scans websites for malware infections, sending alerts to website owners to help prevent black listing and brand reputation damage.
Also known as
Qualys WAS
Qualys Web Application Scanning customers
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
BUYER'S GUIDE
Not sure which Application Security solution is right for you?

Download our free Application Security Report and find out what your peers are saying about Qualys, Acunetix, CA Technologies, and more!

Sign Up with Email