We performed a comparison between Checkmarx One and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The report function is the solution's greatest asset."
"Helps us check vulnerabilities in our SAP Fiori application."
"Apart from software scanning, software composition scanning is valuable."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"It is a cloud-based solution, so it is easy to scale."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The solution sometimes reports a false auditable code or false positive."
"The cost per user is high and should be reduced."
"Meta data is always needed."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"Micro-services need to be included in the next release."
"The product should allow users to upload their payloads."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The product's pricing could be better."
"It should have better automatic reporting."
"There could be better management and faster scanning."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
More Qualys Web Application Scanning Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. Checkmarx One is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Snyk. See our Checkmarx One vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.