Qualys Web Application Scanning Overview
Qualys Web Application Scanning is the #12 ranked solution in our list of AST tools. It is most often compared to OWASP Zap: Qualys Web Application Scanning vs OWASP Zap
What is Qualys Web Application Scanning?
Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. Proactively scans websites for malware infections, sending alerts to website owners to help prevent black listing and brand reputation damage. Qualys Web Application Scanning is also known as Qualys WAS.
Qualys Web Application Scanning Buyer's Guide
Download the Qualys Web Application Scanning Buyer's Guide including reviews and more. Updated: January 2021
Qualys Web Application Scanning Customers
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.Qualys Web Application Scanning Video
Pricing Advice
What users are saying about Qualys Web Application Scanning pricing:
- "The product is expensive, at least initially, in comparison to other products in this category."
- "The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
- "There are different options available with respect to licensing."
Qualys Web Application Scanning Reviews
Filter by:
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Order by:
Loading...
Search:
reviewer1254240
CEO at a tech services company with 51-200 employees
Has comprehensive SSL security measurements but the price should be lowered
What is our primary use case?
For some projects, we will need to use this on-premises. It depends on the confidentiality of our project. For other projects, we will also be deploying on the cloud or maybe a hybrid solution as well. We are looking forward to having a relationship as a partner with this company and maybe one or two others. We are not just a customer. We have a bunch of freelancers that we are working with in three different companies in Slovenia, Australia, and other countries. We are looking for solutions to make our testing and security checks more affordable.Pros and Cons
- "The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
- "The pricing does not seem to be competitive."
What other advice do I have?
On a scale from one to ten where one is the worst ten is the best, I would rate Qualys as a seven at this point. It is difficult to rate Qualys — or even products from other companies — as better than this because we are hearing the same thing from all the product manufacturers before we went into testing. But based on the references from other users about Qualys, our current level of experience, the pricing as we know it and the services that are offered for free, Qualys is a seven. What we have mostly found at this point is that you can't just install a free trial version of a product and…reviewer1387992
Senior Software Developer at a tech vendor with 1,001-5,000 employees
Has a good progressive scan feature but the data server needs improvement
What is our primary use case?
I think we have the fastest version, and they always upgrade it. I think it's the $2 or $3-a-month version. They have multiple engines inside it, but it's a site-based service. It is not on-demand, so Qualys will host it. It's the pay as you go service that is on the software-as-a-service. We use the DAST, dynamic application scan test.Pros and Cons
- "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
- "The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
What other advice do I have?
My advice for anyone considering this solution is, "Go for it." On a scale of one to ten, I would give Qualys Web Application Scanning a seven.
Find out what your peers are saying about Qualys, Veracode, Acunetix and others in Application Security. Updated: January 2021.
455,164 professionals have used our research since 2012.
Hwang James
Data Specialist at CHUN SHIN LIMITED
Easy to use for detection of WAS and VM vulnerabilities
What is our primary use case?
We are using Qualys for vulnerability detection in our IDC (International Data Center) on our web pages and world-wide-web applications and services.Pros and Cons
- "It is easy to use."
- "It is a very stable solution."
- "The reporting contains too many false positives."
- "The virus code updates are not frequent enough."
- "Deployment can be complicated."
What other advice do I have?
I would recommend Qualys if the budget is not a problem. There may be other open-source solutions that could be used to perform a similar analysis. On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as an eight-out-of-ten.Consultab6ea
Consultant at a tech services company with 1,001-5,000 employees
Enables us to identify vulnerability levels and to enforce security credentials
What is our primary use case?
My primary use case of this solution is to audit the security level of my customer's internet. We offer this as a service.Pros and Cons
- "The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
- "It should have better automatic reporting."
What other advice do I have?
I would advise someone considering this product is to find a solution that is easy to use. We use this solution because we need to. I would rate it an eight out of ten. Not a ten because the reporting needs improvement. It should have better automatic reporting.reviewer1228896
Security Analyst at a tech services company with 10,001+ employees
User-friendly, good scanning analysis and reporting, and offers real-time vulnerability monitoring
What is our primary use case?
We primarily use this solution for VM scanning. We scan more than a thousand applications.Pros and Cons
- "The interface is user-friendly and easy to understand."
- "The scanner reports a lot of false positives, which is something that needs to be improved."
What other advice do I have?
I would rate this solution an eight out of ten.Lead43690
Lead Security Architect at a financial services firm with 501-1,000 employees
Puts our services in compliance and minimizes our risk for exposure
Pros and Cons
- "With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
- "The solution needs to adjust its pricing. They should make it more affordable."
What other advice do I have?
We are using the cloud deployment model. I would recommend other users to use Qualys Application Scanning for application security. If you're serious about security you need a service or a solution that does continuous scanning of your application and infrastructure. There are always vulnerabilities being introduced. I would rate the solution eight out of ten.Popular Comparisons
Fortify WebInspect
PortSwigger Burp
Acunetix Vulnerability Scanner
Rapid7 InsightAppSec
Sonatype Nexus Lifecycle
Micro Focus Fortify on Demand
Rapid7 AppSpider
Netsparker Web Application Security Scanner
Buyer's Guide
Download our free Application Security Report and find out what your peers are saying about Qualys, Veracode, Acunetix, and more!
Quick Links
Learn More: Questions:
- What is the biggest difference between OWASP Zap and Qualys?
- When evaluating Application Security, what aspect do you think is the most important to look for?
- Which application security solutions include both vulnerability scans and quality checks?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- How was the 2020 Twitter Hack carried out? How could it have been prevented?
- Is SonarQube the best tool for static analysis?
- What are the OWASP top 10 in 2020?
- SAST vs. DAST: Which is better for application security testing?