QualysGuard Web Application Scanning Reviews

3.4 out of 5 stars (5)
Vendor
Sr. Director, Cloud Platform Engineering at a tech vendor with 1,001-5,000 employees
Jun 30 2017

What is most valuable?

We’re a Linux shop and Qualys gave us good Linux vulnerability scanning; no experience with it on MSFT products. It reports only a few glaring false-positive errors (directory ownership was a common one), and our post-processing dealt with...

How has it helped my organization?

The biggest benefit was integrating Qualys scanning into our CI/CD pipeline to vulnerability-scan new custom machine images or AWS) before deployment. We’d build the image, instantiate it, run Qualys against it, get the report, post-process...

What needs improvement?

The licensing and user permissions are a little wonky for a DevOps team to use, probably because it’s traditionally an InfoSec tool.
Vendor
Ex Senior Security Analyst and Onsite consultant at a tech services company with 501-1,000 employees
Mar 11 2018

What is most valuable?

QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.

How has it helped my organization?

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing would take five days! By using QualysGuard, we are able to finish external scans with assured...

What needs improvement?

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing.
Find out what your peers are saying about Qualys, Acunetix, CA Technologies and others in Application Security.
265,288 professionals have used our research since 2012.
Real User
Senior Security Systems Engineer at a software R&D company with 501-1,000 employees
Aug 31 2016

What is most valuable?

* Ease of use and setup
* Visibility into our environment

How has it helped my organization?

WAS gave us visibility into our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for. We didn't need any knowledge of these vulnerabilities or how they worked to scan for...

What needs improvement?

The organization of the assets was a little confusing and overwhelming. The system could also use some work in pivoting from a VM scan to add the servers with web applications exposed to the WAS server. It frequently created WAS assets that...
Real User
Module Lead at a tech services company with 1,001-5,000 employees
Aug 31 2016

What is most valuable?

There is nothing out of the box in the Qualys web application scanning module. One good thing is that it reports fewer false positives.

How has it helped my organization?

We use many other products along with Qualys. In a way, Qualys dashboards are good to keep track of vulnerabilities found asset-wise.

What needs improvement?

The tool should have a live HTTP editor and more configuration options for some situations, such as handling applications that have URL rewriting enabled. The tool should have more mature APIs for integration and automation. They should...
Vendor
Deputy Manager at a tech services company with 1,001-5,000 employees
Mar 14 2018

What do you think of QualysGuard Web Application Scanning?

Primary Use Case

Cloud hosted application, and was also accessible through mobile app.

Improvements to My Organization

Dynamic features for pen testing automation, with manual.

Valuable Features

Network scanner has good reporting, coverage was also good. In Web scanner, dashboard was good but features were limited.

Room for Improvement

Please add manual penetration testing features. Also I didn't like the license terms and the features were limited compared to other tools used for web applications.

Use of Solution

Trial/evaluations only.


What is QualysGuard Web Application Scanning?

Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. It also proactively scans websites for malware infections, sending alerts to website owners to help prevent blacklisting and brand reputation damage.
QualysGuard Web Application Scanning customers
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.