We performed a comparison between OWASP Zap and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It scans while you navigate, then you can save the requests performed and work with them later."
"Automatic updates and pull request analysis."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The solution is good at reporting the vulnerabilities of the application."
"Automatic scanning is a valuable feature and very easy to use."
"They offer free access to some other tools."
"The API is exceptional."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"It is a very stable solution."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The product prevents possible vulnerabilities in our network."
"It is easy to use."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"It is a cloud-based solution, so it is easy to scale."
"Sometimes, we get some false positives."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"OWASP Zap needs to extend to mobile application testing."
"Lacks resources where users can internally access a learning module from the tool."
"There are too many false positives."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"The port scanner is a little too slow."
"The solution is unable to customize reports."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The product should allow users to upload their payloads."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"Deployment can be complicated."
"The support could be faster."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The virus code updates are not frequent enough."
"There should be better visibility into the application."
OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews while Qualys Web Application Scanning is ranked 14th in Static Application Security Testing (SAST) with 31 reviews. OWASP Zap is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Veracode and Checkmarx One, whereas Qualys Web Application Scanning is most compared with Veracode, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.