Qualys Web Application Scanning Reviews

Sr. Director, Cloud Platform Engineering at a tech vendor with 5,001-10,000 employees

Jun 30 2017

What is most valuable?

We’re a Linux shop and Qualys gave us good Linux vulnerability scanning; no experience with it on MSFT products. It reports only a few glaring false-positive errors (directory ownership was a common one), and our post-processing dealt with... more»

How has it helped my organization?

The biggest benefit was integrating Qualys scanning into our CI/CD pipeline to vulnerability-scan new custom machine images or AWS) before deployment. We’d build the image, instantiate it, run Qualys against it, get the report, post-process... more»

What needs improvement?

The licensing and user permissions are a little wonky for a DevOps team to use, probably because it’s traditionally an InfoSec tool.

See full review (616 words) »

SeniorIn3d86

Senior Information Security Analyst with 1,001-5,000 employees

Aug 16 2018

What is most valuable?

It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools.

How has it helped my organization?

It gave us an idea of what lay in our network, and the vulnerabilities in it. Most IT admins are not aware of what is happening on the network. It was able to advise them of what's happening on the network. They could see the web-based... more»

What needs improvement?

The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected. Going... more»

See full review (602 words) »

Download Free Report

Find out what your peers are saying about Qualys, Acunetix, CA Technologies and others in Application Security.

Download now

287,901 professionals have used our research since 2012.

Reviewer32192

Delivery Manager at a tech vendor with 1,001-5,000 employees

Aug 02 2018

What is most valuable?

We are using scanners and the PCI model. We do PCI scanning because we are a PCI vendor. We are using the tool to do the scanning on whatever the latest vulnerabilities there are, and Qualys is always providing us updates. We can do scanning... more»

How has it helped my organization?

We are looking for automation in our scanning activities or projects, because manual won't work. So, automation is required for us. As a result, using the Qualys scanner result is helpful for us.

What needs improvement?

In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful... more»

See full review (412 words) »

Ssaurabh Kesari

Ex Senior Security Analyst and Onsite consultant at a tech services company with 1,001-5,000 employees

Mar 11 2018

What is most valuable?

QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.

How has it helped my organization?

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing would take five days! By using QualysGuard, we are able to finish external scans with assured... more»

What needs improvement?

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing.

See full review (378 words) »

SrSecSysEng199

Senior Security Systems Engineer at a software R&D company with 501-1,000 employees

Aug 31 2016

What is most valuable?

* Ease of use and setup * Visibility into our environment

How has it helped my organization?

WAS gave us visibility into our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for. We didn't need any knowledge of these vulnerabilities or how they worked to scan for... more»

What needs improvement?

The organization of the assets was a little confusing and overwhelming. The system could also use some work in pivoting from a VM scan to add the servers with web applications exposed to the WAS server. It frequently created WAS assets that... more»

See full review (276 words) »

See 3 more reviews

Articles

User Assessments By Topic About Qualys Web Application Scanning

Qualys Web Application Scanning Questions

Qualys Web Application Scanning Projects By Members

Qualys Web Application Scanning Consultants

What is Qualys Web Application Scanning?

Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. Proactively scans websites for malware infections, sending alerts to website owners to help prevent black listing and brand reputation damage.

Also known as

Qualys WAS

Qualys Web Application Scanning customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.