I am using the latest version of Qualys Web Application Scanning.

Qualys Web Application Scanning is deployed both on-premises and on-cloud in our organization. The solution is deployed on the private Azure and GCP clouds.

We do not manage the solution. We implement it on behalf of our clients. I work in a consulting company. We do not own the solution; we just configure it.

In terms of web application scanning, Tenable and Rapid7 are not as reliable as Qualys Web Application Scanning.

Overall, I rate Qualys Web Application Scanning a nine out of ten.

I recommend Qualys Web Application Scanning to others. It is easy to set up and use. It has less false policies as well. Once we onboard all the customers’ assets after setting it up, it takes almost an hour to have everything running and to log reports. I rate it a ten out of ten.

For those considering Qualys, it's important to understand how it fits into their overall security strategy, especially regarding web application and firewall (WAF) security. 

It's crucial to grasp the full capabilities of Qualys to make an informed decision. I'd advise understanding the product thoroughly to see if it aligns with your security needs.

Overall, I would rate the solution a nine out of ten. 

My advice to those wanting to implement this solution is if you have experience and knowledge with vulnerability management and reading through all the threats, this could be a good platform for you. If you are a new starter this solution is not a good place to start.

I rate Qualys Web Application Scanning an eight out of ten.

I would recommend Qualys if the budget is not a problem. There may be other open-source solutions that could be used to perform a similar analysis.   

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as an eight-out-of-ten.  

I am using the latest version of the solution.

Tenable makes us wait 90 days to delete the test web application, and Rapid7 does not allow us to delete it as well as  Acunetix (once a year).
I will recommend the solution to others. Overall, I rate the solution an eight out of ten.

I would recommend getting the POC done before implementing WAS, especially if there will be a lot of APIs involved in developing the product. Look at how the endpoint security works when the APIs run with a different channel, like web and mobile applications. I would give Qualys WAS a rating of six out of ten.

I integrate Qualys and QRadar. QRadar is for SCM. It helps centralize the management of the network. It provides good visibility of Qualys. Qualys is a good product. There are better tools in the market. However, I recommend Qualys to others. Overall, I rate the product an eight out of ten.

Qualys is a stable and reliable solution. It has been around for a long time.

Overall, I would rate the solution an eight out of ten. There is scope for improvement. It is still an early technology. 

I'd recommend the solution to others. We haven't had any issues after two years of working with it. 

I'd rate the solution eight out of ten.

My advice for anyone considering this solution is, "Go for it." 

On a scale of one to ten, I would give Qualys Web Application Scanning a seven.

Qualys Web Application Scanning is easy to use and deploy. I rate it a nine out of ten. However, it could be less expensive compared to other open-source tools.

I would recommend this solution to others.

I rate Qualys Web Application Scanning a seven out of ten.

I rate Qualys Web Application Scanning nine out of 10. I think Web Application Scanning should integrate VMDR, a more enhanced capability that Qualys offers for enterprise vulnerability assessments. However, Qualys is way ahead of the competition on the web application front. 

If you're an industrial company, you should evaluate the OT scanning capability that Qualys is about to launch. It will cover all your enterprise web applications and secure your factories as well. Qualys should be a one-stop shop meeting all your end-to-end vulnerability assessment requirements, so you don't need to buy solutions from different vendors,

Qualys is a stable and reliable solution. It has been around for a long time.

Overall, I would rate the solution an eight out of ten. There is scope for improvement. It is still an early technology.

I would rate this solution an eight out of ten.

My team was responsible for operating the Symantec development hybrid cloud (about 6K servers in four DCs and multiple AWS regions). We use Qualys Enterprise to scan our private cloud infrastructure and machine images, and the Qualys Virtual Appliance to do custom AMI validation before deployment in AWS. I don’t recall which versions we used but we kept them up to date.

I give them a seven out of 10. The product is pretty good, but not great. It simply isn’t feasible for a tool like this to be accurate (no false negatives, few false positives), so you wind up doing a fair amount of post-processing of scan results. The profile update cycles are not what I’d like to see, so the vendor isn’t reacting to new threats anywhere near fast enough.

Also, look at other vendors, of course. Tenable was getting a lot of good buzz at Symantec last year. Be clear in advance on how much “overhead” you’re willing to pay in order to run “regular” scans on your DC machines and networks. In the cloud space, it’s somewhat better to verify the base image once, and focus on application vulnerabilities, where possible.

I would advise someone considering this product is to find a solution that is easy to use. We use this solution because we need to.

I would rate it an eight out of ten. Not a ten because the reporting needs improvement. It should have better automatic reporting. 

It is a very much stable. If you have a good amount of calender-based activities, it is good for defining frequency. You can define the calendar internally, then you can do your scanning. Though, it has some triaging features which should finally be fixed. 

Qualys is only a good product for in-house vulnerability management programs. It is not feasible to use Qualys for client-facing consulting engagements because of the cost.

We are using the cloud deployment model.

I would recommend other users to use Qualys Application Scanning for application security. If you're serious about security you need a service or a solution that does continuous scanning of your application and infrastructure. There are always vulnerabilities being introduced.

I would rate the solution eight out of ten.

We are an institutional partner of QualysGuard and buy bulk licenses. 

On a scale from one to ten where one is the worst ten is the best, I would rate Qualys as a seven at this point. It is difficult to rate Qualys — or even products from other companies — as better than this because we are hearing the same thing from all the product manufacturers before we went into testing. But based on the references from other users about Qualys, our current level of experience, the pricing as we know it and the services that are offered for free, Qualys is a seven.  

What we have mostly found at this point is that you can't just install a free trial version of a product and get a complete impression immediately. With some products like Qualys or others in the category, the pricing may not be completely right because there are hidden costs. It could be one solution is not quick to deploy and that seems to make it difficult but in actual use, it is easier than everything else. Some products will be easy to set up and after 10 days of trying to work with it, I might be disappointed because of what I committed to.  

I would recommend this tool. Simply, go for it. The video tutorials would give an insight on the simplicity and effectiveness of the product.