Qualys Web Application Scanning (WAS) is a DAST tool. It stands for Dynamic Application Security Testing. Unlike SAST (Static Application Security Testing) tools, WAS doesn't examine source code. Instead, it interacts with your web application like a real user, analyzing its responses to identify vulnerabilities.

Qualys WAS also integrates with WAF (Web Application Firewall) solutions, including potentially your company's standard WAF or Security Assertion Markup Language (SAML) interface.

It gave us an idea of what lay in our network, and the vulnerabilities in it. Most IT admins are not aware of what is happening on the network. It was able to advise them of what's happening on the network. They could see the web-based applications and where attacks on the outside were coming from.

On the dashboard, you can see vulnerabilities that you have, as they are increasing or reducing over periods of time.

WAS gave us visibility into our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for. We didn't need any knowledge of these vulnerabilities or how they worked to scan for them and to gain the visibility.

The biggest benefit was integrating Qualys scanning into our CI/CD pipeline to vulnerability-scan new custom machine images (for OpenStack or AWS) before deployment. We’d build the image, instantiate it, run Qualys against it, get the report, post-process it, look for new errors or changes (if any), review just those and either block deployment or update our exceptions list for next time.

It's provided us with comprehensive, proactive, and automated vulnerability assessment.

We are looking for automation in our scanning activities or projects, because manual won't work. So, automation is required for us. As a result, using the Qualys scanner result is helpful for us.

We use many other products along with Qualys. In a way, Qualys dashboards are good to keep track of vulnerabilities found asset-wise.

With our vulnerabilities under control, it puts our services in compliance and minimizes our risk for exposure.

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing would take five days! 

By using QualysGuard, we are able to finish external scans with assured results in half the time.

Dynamic features for pen testing automation, with manual.

Scheduling feature allows to scan on the weekends and holidays in a planned way.

It definitely helps us with the remediation process as we can create different reports, whatever is required at the time.