Qualys Web Application Scanning Reviews

Real User
CEO at a tech services company with 51-200 employees
Jan 16 2020

What is most valuable?

I am not the person who is actually directly testing this. One of the other people from our team is doing that. But I was involved in the selection of what products we should compare based on available features, demos, and how products…

What needs improvement?

Knowing we are in an early phase of discovery and comparison, it is impossible to know exactly what features may need improvement. Some seem to be interesting, on the other hand. The only thing that is in need of improvement from my…

What's my experience with pricing, setup cost, and licensing?

The pricing of Qualys is quite expensive in comparison with the other products in this category that are offering pretty much the same thing. Pricing is one area of the product that can be improved. At this stage of our discovery, we only…

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate Qualys as a seven at this point. It is difficult to rate Qualys — or even products from other companies — as better than this because we are hearing the same…

Which other solutions did I evaluate?

We were testing a lot of products. We were looking for a good product for our needs and for the needs of our customers to scan vulnerabilities. Qualys was one of the products we chose to do further testing with. The testing with data is…
Real User
Senior Information Security Analyst at a financial services firm with 1,001-5,000 employees
Aug 16 2018

What is most valuable?

It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools.

How has it helped my organization?

It gave us an idea of what lay in our network, and the vulnerabilities in it. Most IT admins are not aware of what is happening on the network. It was able to advise them of what's happening on the network. They could see the web-based…

What needs improvement?

The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected. Going…

What's my experience with pricing, setup cost, and licensing?

Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band…

Which other solutions did I evaluate?

We have been evaluating the following: Rapid7, Tenable.io, Tenable SecurityCenter, and Acunetix for web applications.
Find out what your peers are saying about Qualys, Acunetix, Veracode and others in Application Security. Updated: February 2020.
398,890 professionals have used our research since 2012.
Reviewer32192
Vendor
Delivery Manager at Paladion Networks
Aug 02 2018

What is most valuable?

We are using scanners and the PCI model. We do PCI scanning because we are a PCI vendor. We are using the tool to do the scanning on whatever the latest vulnerabilities there are, and Qualys is always…

How has it helped my organization?

We are looking for automation in our scanning activities or projects, because manual won't work. So, automation is required for us. As a result, using the Qualys scanner result is helpful for us.

What needs improvement?

In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are…

What's my experience with pricing, setup cost, and licensing?

Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the…

Which solution did I use previously and why did I switch?

We were and still are using webMethods Professional. We use both in tandem to do manual testing. That is our process of doing things.

What other advice do I have?

It is very much stable. If you have a good amount of calendar-based activities, it is good for defining frequency. You can define the calendar internally, then you can do your scanning. Though, it…
Ssaurabh Kesari
Consultant
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Mar 11 2018

What is most valuable?

QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.

How has it helped my organization?

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing would take five days! By using QualysGuard, we are able…

What needs improvement?

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing.

What's my experience with pricing, setup cost, and licensing?

It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders. Try the free trial of the product to understand the basic…

What other advice do I have?

We are an institutional partner of QualysGuard and buy bulk licenses.

Which other solutions did I evaluate?

We did try Acunetix, but the quality of results and user interface of Qualys was excellent in comparison.
Reseller
Consultant at a tech services company with 1,001-5,000 employees
Aug 22 2019

What is most valuable?

The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level.

What needs improvement?

They should improve the performance of the security scanning. It should have better performance.

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are on a yearly basis. We buy a group of IP addresses we can scan on a yearly basis.

Which solution did I use previously and why did I switch?

I also checked Rapid7 for internal scanning. I picked Qualys for a specific use. It's a SaaS service. We use it to audit the security level of my customer's internet.

What other advice do I have?

I would advise someone considering this product to find a solution that is easy to use. We use this solution because we need to. I would rate it an eight out of ten. Not a ten because the reporting needs improvement. It should have…
Real User
Security Analyst at Cognizant
Jan 30 2020

What is most valuable?

The most valuable features are scanning analysis and reporting. This solution also provides real-time monitoring. The interface is user-friendly and easy to understand.

What needs improvement?

The reporting needs to be improved because there are a lot of search parameters, and at the end of the day, the reports are so large that it is very difficult for us to go through each and every point to analyze the vulnerabilities. The…

What's my experience with pricing, setup cost, and licensing?

There are different options available with respect to licensing.

Which solution did I use previously and why did I switch?

I have also used the Nexus Vulnerability Scanner and it reports fewer false positives.

What other advice do I have?

I would rate this solution an eight out of ten.
Lead43690
Real User
Lead Security Architect at a financial services firm with 501-1,000 employees
Aug 27 2019

What is most valuable?

The vulnerability scanning and patching features are the most valuable parts of the solution.

How has it helped my organization?

With our vulnerabilities under control, it puts our services in compliance and minimizes our risk for exposure.

What needs improvement?

The solution needs to adjust its pricing. They should make it more affordable.

Which solution did I use previously and why did I switch?

We've never used a different solution.

What other advice do I have?

We are using the cloud deployment model. I would recommend other users to use Qualys Application Scanning for application security. If you're serious about security you need a service or a solution…

Which other solutions did I evaluate?

We did not evaluate other options before choosing Qualys.
Consultant
Cyber Security Consultant at Simeio
May 23 2018

What is most valuable?

* It's cloud-based so the installation is not so tedious.
* Easily deployed.
* Highly scalable.
* Comprehensive reporting.

Also, you can integrate your Burp Suite results and create an integrated report. The way it shows the results - threats and exploit details - makes remediation very easy. We have seen very few false positives. We found the documentation very useful, particularly the roll-out…

How has it helped my organization?

It definitely helps us with the remediation process as we can create different reports, whatever is required at the time.

What needs improvement?

The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes. Also, occasionally it can't even authenticate to basic web forms.

Qualys Web Application Scanning Questions

What is Qualys Web Application Scanning?

Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. It also proactively scans websites for malware infections, sending alerts to website owners to help prevent blacklisting and brand reputation damage.
Also known as
Qualys WAS
Qualys Web Application Scanning customers
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.