Lead Security Architect at a financial services firm with 501-1,000 employees
Real User
Puts our services in compliance and minimizes our risk for exposure
Pros and Cons
  • "With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
  • "The solution needs to adjust its pricing. They should make it more affordable."

How has it helped my organization?

With our vulnerabilities under control, it puts our services in compliance and minimizes our risk for exposure.

What is most valuable?

The vulnerability scanning and patching features are the most valuable parts of the solution.

What needs improvement?

The solution needs to adjust its pricing. They should make it more affordable.

For how long have I used the solution?

I've been using the solution for over five years.
Buyer's Guide
Qualys Web Application Scanning
April 2024
Learn what your peers think about Qualys Web Application Scanning. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
770,141 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The cloud service makes the solution very scalable. We have about ten users right now; however, we don't intend to increase usage at this time.

How are customer service and support?

Technical support is excellent. I would rate it ten out of ten.

Which solution did I use previously and why did I switch?

We've never used a different solution.

How was the initial setup?

The initial setup was straightforward. Deployment took about two weeks.

What about the implementation team?

Our internal team handled the implementation.

Which other solutions did I evaluate?

We did not evaluate other options before choosing Qualys.

What other advice do I have?

We are using the cloud deployment model.

I would recommend other users to use Qualys Application Scanning for application security. If you're serious about security you need a service or a solution that does continuous scanning of your application and infrastructure. There are always vulnerabilities being introduced.

I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Consultant
Its web-based scanner is very useful for performing external penetration and PCI scans from remote locations
Pros and Cons
  • "QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
  • "By using QualysGuard, we are able to finish external scans with assured results in half the time."
  • "This product is designed for easy scalability and can easily scale up without major challenges."
  • "We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
  • "They should try to include business logic vulnerabilities in the scanner testing."
  • "In certain cases, this product does have false positives, which the company should work on."

What is our primary use case?

We use Qualys Internet-based scanners for external penetration testing as well as PCI scans for our clients. The tool being Internet based, it can be accessed from any location, and it does not have issues with updating the patches as well as versions (QualysGuard updates the tool at specific periods in a year with prior information). The report generated by QualysGuard is very detailed and easy to understand.

How has it helped my organization?

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing would take five days! 

By using QualysGuard, we are able to finish external scans with assured results in half the time.

What is most valuable?

QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.

What needs improvement?

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The product that we used in our office under different environments is highly stable.

What do I think about the scalability of the solution?

This product is designed for easy scalability and can easily scale up without major challenges.

How is customer service and technical support?

We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues.

How was the initial setup?

It is a straightforward implementation. Once you register over the Internet, they assign you a set of static IP addresses which can be used to perform web-based scans. The administrator panel is easy to understand and create.

What's my experience with pricing, setup cost, and licensing?

It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.

Try the free trial of the product to understand the basic working mechanisms.

Which other solutions did I evaluate?

We did try Acunetix, but the quality of results and user interface of Qualys was excellent in comparison.

What other advice do I have?

We are an institutional partner of QualysGuard and buy bulk licenses. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
CEO at a tech services company with 51-200 employees
Real User
Has comprehensive SSL security measurements but the price should be lowered
Pros and Cons
  • "The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
  • "The pricing does not seem to be competitive."

What is our primary use case?

For some projects, we will need to use this on-premises. It depends on the confidentiality of our project. For other projects, we will also be deploying on the cloud or maybe a hybrid solution as well.  

We are looking forward to having a relationship as a partner with this company and maybe one or two others. We are not just a customer. We have a bunch of freelancers that we are working with in three different companies in Slovenia, Australia, and other countries. We are looking for solutions to make our testing and security checks more affordable.  

What is most valuable?

I am not the person who is actually directly testing this. One of the other people from our team is doing that. But I was involved in the selection of what products we should compare based on available features, demos, and how products appear to meet our needs. What I remember from my experience with Qualys is that the simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good. The website was also well-designed and easy to navigate. The SSL security measurements that the product offers seem comprehensive. But I cannot say, at this preliminary phase, that I specifically think this or that from Qualys is the most valuable. It is intriguing enough to make our shortlist and POC efforts.

What needs improvement?

Knowing we are in an early phase of discovery and comparison, it is impossible to know exactly what features may need improvement. Some seem to be interesting, on the other hand. The only thing that is in need of improvement from my perspective at this point is pricing in comparison to other, similar products.   

For how long have I used the solution?

We are in the process of analyzing several products over several months in this category for comparison and proof of concept.  

How are customer service and technical support?

We have not yet had to contact technical support for any reason.  

How was the initial setup?

I don't have information at this moment because we are in the process of discovery and we have not fully deployed. We do have a test deployment running.  

What's my experience with pricing, setup cost, and licensing?

The pricing of Qualys is quite expensive in comparison with the other products in this category that are offering pretty much the same thing. Pricing is one area of the product that can be improved. At this stage of our discovery, we only know the initial cost is high.  

Which other solutions did I evaluate?

We were testing a lot of products. We were looking for a good product for our needs and for the needs of our customers to scan vulnerabilities. Qualys was one of the products we chose to do further testing with. The testing with data is still continuing and is a process. As we are in the process of discovery now, we cannot exactly qualify our experience with the product.  

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate Qualys as a seven at this point. It is difficult to rate Qualys — or even products from other companies — as better than this because we are hearing the same thing from all the product manufacturers before we went into testing. But based on the references from other users about Qualys, our current level of experience, the pricing as we know it and the services that are offered for free, Qualys is a seven.

What we have mostly found at this point is that you can't just install a free trial version of a product and get a complete impression immediately. With some products like Qualys or others in the category, the pricing may not be completely right because there are hidden costs. It could be one solution is not quick to deploy and that seems to make it difficult but in actual use, it is easier than everything else. Some products will be easy to set up and after 10 days of trying to work with it, I might be disappointed because of what I committed to.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user335103 - PeerSpot reviewer
Info-Security Consultant at a financial services firm with 1,001-5,000 employees
Vendor
It protects against zero-day vulnerabilities, like Heartbleed.

What is most valuable?

It protects against zero-day vulnerabilities, like Heartbleed.

What needs improvement?

It's missing some zero-day patches.

For how long have I used the solution?

I've used it for a few months.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's high.

Technical Support:

It's high.

Which solution did I use previously and why did I switch?

I used Rapid7 NeXpose in another shop.

How was the initial setup?

The product was already installed when I got there, I just added more scanning jobs and used the reports for remediation, etc.

Which other solutions did I evaluate?

I evaluated and selected Rapid7 NeXpose in a previous job (over QualysGuard) because the compliance department there vetoed using “an external service”. Also, we wanted to get Metasploit later.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user563475 - PeerSpot reviewer
Deputy Manager at a tech services company with 10,001+ employees
Consultant
Network scanner has good reporting and coverage, but it needs manual pen testing

What is our primary use case?

Cloud hosted application, and was also accessible through mobile app.

How has it helped my organization?

Dynamic features for pen testing automation, with manual.

What is most valuable?

Network scanner has good reporting, coverage was also good. In Web scanner, dashboard was good but features were limited.

What needs improvement?

Please add manual penetration testing features. 

Also I didn't like the license terms and the features were limited compared to other tools used for web applications.

For how long have I used the solution?

Trial/evaluations only.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user255879 - PeerSpot reviewer
Security Analyst at a tech services company with 1,001-5,000 employees
Consultant
Automated tools cannot find all the vulnerabilities, but this is one of the best.

What is most valuable?

WAS and being able to integrate Selenium IDE to automate the login process was most helpful.

How has it helped my organization?

The scheduling feature allows scanning on the weekends and holidays in a planned way.

What needs improvement?

Enhancing the capability to find XSS.

For how long have I used the solution?

I've used it for six months.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

I've never had the chance to interact.

Technical Support:

I've never had the chance to interact.

Which solution did I use previously and why did I switch?

This would depend on the clients' requirements.

How was the initial setup?

It's straightforward. In fact, it's one of the easiest solutions to implement.

What about the implementation team?

We used a vendor team who had good expertise.

What other advice do I have?

I would recommend this tool. Simply, go for it. The video tutorials would give an insight on the simplicity and effectiveness of the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cyber Security Consultant at a tech services company with 10,001+ employees
Consultant
The way results are presented makes remediation easy, but GUI is a little complex
Pros and Cons
  • "Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
  • "You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
  • "The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."

What is our primary use case?

We have a lot of applications in our environment that we need to scan frequently. We have a lot of tutorial sites, e-learning sites, and other related websites which we have to build, maintain, and scan continuously for security purposes.

How has it helped my organization?

It definitely helps us with the remediation process as we can create different reports, whatever is required at the time. 

What is most valuable?

  • It's cloud-based so the installation is not so tedious.
  • Easily deployed.
  • Highly scalable.
  • Comprehensive reporting.

Also, you can integrate your Burp Suite results and create an integrated report. 

The way it shows the results - threats and exploit details - makes remediation very easy.

We have seen very few false positives. We found the documentation very useful, particularly the roll-out guide. While the tool is not hard to use, by dividing the documentation into sections, the company provided specific guidance on use cases that are not necessarily limited to the tool itself.

What needs improvement?

The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes. 

Also, occasionally it can't even authenticate to basic web forms.

For how long have I used the solution?

One to three years.

How is customer service and technical support?

Qualys offers excellent support, which includes 24/7 phone and mail support, as well as access to its online user community.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Qualys Web Application Scanning Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024