Qualys Web Application Scanning Reviews

Anonymous User

Sr. Director, Cloud Platform Engineering at a tech vendor with 5,001-10,000 employees

Jun 30 2017

We’re a Linux shop and Qualys gave us good Linux vulnerability scanning; no experience with it on MSFT products.

What is most valuable?

We’re a Linux shop and Qualys gave us good Linux vulnerability scanning; no experience with it on MSFT products. It… more»

How has it helped my organization?

The biggest benefit was integrating Qualys scanning into our CI/CD pipeline to vulnerability-scan new custom machine… more»

What needs improvement?

The licensing and user permissions are a little wonky for a DevOps team to use, probably because it’s traditionally an… more»

What's my experience with pricing, setup cost, and licensing?

The “bring your own licenses” model for the virtual appliance isn’t what you might think, so get a clear explanation up… more»

If you previously used a different solution, which one did you use and why did you switch?

Don’t know what, if anything, preceded Qualys at Symantec.

What other advice do I have?

My team was responsible for operating the Symantec development hybrid cloud (about 6K servers in four DCs and multiple AWS… more»

See Entire Qualys Web Application Scanning Review (662 Words) »

Anonymous User

Senior Information Security Analyst with 1,001-5,000 employees

Aug 16 2018

It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard

What is most valuable?

It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools.

How has it helped my organization?

It gave us an idea of what lay in our network, and the vulnerabilities in it. Most IT admins are not aware of what is happening on the network. It was able to advise them of what's… more»

What needs improvement?

The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to… more»

What's my experience with pricing, setup cost, and licensing?

Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell… more»

See Entire Qualys Web Application Scanning Review (646 Words) »

Download Free Report

Find out what your peers are saying about Qualys, Acunetix, Veracode and others in Application Security. Updated: February 2019.

Download now

316,786 professionals have used our research since 2012.

Reviewer32192

Delivery Manager at a tech vendor with 1,001-5,000 employees

Aug 02 2018

We can do scanning and submit reports straight to customers when there are new vulnerabilities

What is most valuable?

We are using scanners and the PCI model. We do PCI scanning because we are a PCI vendor. We are using the tool to do the… more»

How has it helped my organization?

We are looking for automation in our scanning activities or projects, because manual won't work. So, automation is… more»

What needs improvement?

In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could… more»

What's my experience with pricing, setup cost, and licensing?

Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases… more»

If you previously used a different solution, which one did you use and why did you switch?

We were and still are using webMethods Professional. We use both in tandem to do manual testing. That is our process of… more»

What other advice do I have?

It is a very much stable. If you have a good amount of calender-based activities, it is good for defining frequency. You… more»

See Entire Qualys Web Application Scanning Review (458 Words) »

Ssaurabh Kesari

Ex Senior Security Analyst and Onsite consultant at a tech services company with 1,001-5,000 employees

Mar 11 2018

Its web-based scanner is very useful for performing external penetration and PCI scans from remote locations

What is most valuable?

QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.

How has it helped my organization?

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing… more»

What needs improvement?

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic… more»

What's my experience with pricing, setup cost, and licensing?

It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders. Try the… more»

What other advice do I have?

We are an institutional partner of QualysGuard and buy bulk licenses.

See Entire Qualys Web Application Scanning Review (423 Words) »

Anonymous User

Cyber Security Consultant at a tech services company with 10,001+ employees

May 23 2018

The way results are presented makes remediation easy, but GUI is a little complex

What is most valuable?

* It's cloud-based so the installation is not so tedious. * Easily deployed. * Highly scalable. * Comprehensive reporting. Also, you can integrate your Burp Suite results and create an integrated report. The way it shows the results - threats… more»

How has it helped my organization?

It definitely helps us with the remediation process as we can create different reports, whatever is required at the time.

What needs improvement?

The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes. Also, occasionally it can't even authenticate to basic web forms.

See Entire Qualys Web Application Scanning Review (263 Words) »

Anonymous User

Deputy Manager at a tech services company with 10,001+ employees

Mar 14 2018

Network scanner has good reporting and coverage, but it needs manual pen testing

What do you think of Qualys Web Application Scanning?

What is our primary use case?

Cloud hosted application, and was also accessible through mobile app.

How has it helped my organization?

Dynamic features for pen testing automation, with manual.

What is most valuable?

Network scanner has good reporting, coverage was also good. In Web scanner, dashboard was good but features were limited.

What needs improvement?

Please add manual penetration testing features. Also I didn't like the license terms and the features were limited compared to other tools used for web applications.

For how long have I used the solution?

Trial/evaluations only.

See Entire Qualys Web Application Scanning Review (107 Words) »

Articles

User Assessments By Topic About Qualys Web Application Scanning

Qualys Web Application Scanning Questions

Qualys Web Application Scanning Projects By Members

What is Qualys Web Application Scanning?

Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. Proactively scans websites for malware infections, sending alerts to website owners to help prevent black listing and brand reputation damage.

Also known as

Qualys WAS

Qualys Web Application Scanning customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.