Try our new research platform with insights from 80,000+ expert users
Qualys Web Application Scanning Logo

Qualys Web Application Scanning Reviews

Vendor: Qualys
3.8 out of 5
Leave a review

What is Qualys Web Application Scanning?

Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

Get the Qualys Web Application Scanning Buyer's Guide and find out what your peers are saying about Qualys Web Application Scanning, SonarQube, Snyk and more!
Qualys Web Application Scanning is the #13 ranked solution in AST tools and #15 ranked solution in application security solutions. PeerSpot users give Qualys Web Application Scanning an average rating of 7.6 out of 10. Qualys Web Application Scanning is most commonly compared to SonarQube: Qualys Web Application Scanning vs SonarQube. Qualys Web Application Scanning is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 13% of all views.
Buyer's Guide
Qualys Web Application Scanning
March 2026
Get the report
Helped 885,264 peers since 2012

Featured Qualys Web Application Scanning reviews

Read more reviews

Qualys Web Application Scanning mindshare

Product category:
Application Security Tools
As of March 2026, the mindshare of Qualys Web Application Scanning in the Application Security Tools category stands at 1.8%, down from 1.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Qualys Web Application Scanning1.8%
SonarQube16.3%
Checkmarx One9.9%
Other72.0%
Application Security Tools

PeerResearch reports based on Qualys Web Application Scanning reviews

TypeTitleDate
CategoryApplication Security ToolsMar 28, 2026Download
ProductReviews, tips, and advice from real usersMar 28, 2026Download
ComparisonQualys Web Application Scanning vs SonarQubeMar 28, 2026Download
ComparisonQualys Web Application Scanning vs Checkmarx OneMar 28, 2026Download
ComparisonQualys Web Application Scanning vs VeracodeMar 28, 2026Download
Suggested products
TitleRatingMindshareRecommending
SonarQube4.016.3%83%135 interviewsAdd to research
Snyk4.15.5%100%51 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Qualys Web Application Scanning offers valuable features like Selenium IDE integration, zero-day protection, PCI compliance, and support for the OWASP Top 10. Users appreciate the cloud-based deployment, comprehensive reporting, and efficient API integration. Its user-friendly dashboard and detailed reports enhance compliance and remediation processes. Credential scanning and low false positives boost effectiveness. Scanning speed, scalability, robust zero-day detection, and strong integration capabilities, like with Jenkins, make it a preferred choice.
  • "Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
  • "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors."
  • "I recommend Qualys Web Application Scanning as it is easy to set up scans and is affordable from a cost perspective."

Room for Improvement

Qualys Web Application Scanning requires improvements in user interface complexity and integration capabilities. Users seek enhanced vulnerability detection, including false positive reduction and coverage of business logic vulnerabilities. Pricing is a concern for many, along with issues in licensing. Reports are often cumbersome to analyze, with a call for more flexible APIs and better visibility into applications. Additionally, users express a need for enhanced crawling, support for additional security standards, and improved performance and automation features.
  • "We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans."
  • "When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line the vulnerability is on and what can be done."
  • "I have experience with adaptive scanning for single-page applications, which was not very effective."

ROI

Users have experienced a positive ROI from Qualys Web Application Scanning, noting it is scalable and incurs no installation costs. Automation significantly cut scanning tasks by 70%, and the failure rate of web applications dropped from 20% to 2% over five years. Though one user has only utilized it for six months, visibility gained into environments created notable returns, and licensing was competitive even though scaling across entire internal environments presented challenges.

Pricing

Qualys Web Application Scanning's pricing is often viewed as expensive, particularly compared to similar solutions. Licensing is flexible, based on assets or subscriptions, with negotiations available for bulk purchases. Costs include license fees and occasionally maintenance or consulting. Larger organizations may find value, especially with direct sales discussions to secure discounts. However, smaller enterprises may find the pricing challenging. Despite its cost, many users appreciate the comprehensive features and security it provides.
  • "The product pricing is fair and reasonably priced."
  • "From my perspective, it is a budget-friendly option."
  • "Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."

Popular Use Cases

They utilize Qualys Web Application Scanning for external penetration, PCI scans, and vulnerability management. Users access it for web and mobile application scanning, ensuring security and compliance. The platform helps in auditing security levels, scanning public-facing sites, and integrating with DevOps. It's used for automated web architecture scanning, continuous security checks, and compliance with PCI through periodic scanning. Users appreciate its accuracy and integration capabilities in CI/CD pipelines, reducing false positives.

Service and Support

Customer service and support for Qualys Web Application Scanning received mixed impressions. Some rate support highly, noting responsiveness and access to 24/7 channels. Others mention challenges with resolution speed and third-party vendors. While some appreciate efficient issue handling and proactive management, others face transactional interactions lacking personal engagement. Many find initial contact difficult, needing improvements in consistent communication and fast response to queries, though recent changes suggest possible enhancements in customer experience.

Deployment

Many users describe Qualys Web Application Scanning's initial setup as straightforward and user-friendly, noting that being cloud-based simplifies deployment. It is often quick, taking as little as a few minutes or a couple of days, depending on requirements. Some complexities arise with internal scans, needing specific configurations. Challenges are mainly related to licensing issues or poor API documentation, rather than the installation process itself. Users with trained engineers find the deployment especially easy.

Scalability

Qualys Web Application Scanning demonstrates strong scalability, efficiently accommodating multiple users and various cloud infrastructure needs. Users consistently report ease in scaling, leveraging a cloud-based architecture that handles large environments well. Some mention license management challenges and limitations on concurrent scans, but the ability to adjust for numerous assets and users is frequently highlighted. Reports indicate high satisfaction with its scalability, facilitating seamless expansion with minimal configuration changes.

Stability

Qualys Web Application Scanning is highly stable with no major issues or downtime reported. Users frequently describe it as reliable and highly resilient. Stability feedback ranges from eight to nine out of ten in ratings. Some minor bugs have been addressed effectively. Most users have not faced any serious performance issues, highlighting the platform's consistency and robustness across varied environments.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Qualys Web Application Scanning Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business7
Midsize Enterprise6
Large Enterprise24
By reviewers
By visitors reading reviews
Company SizeCount
Small Business175
Midsize Enterprise91
Large Enterprise368
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
13%
Manufacturing Company
12%
Computer Software Company
9%
Comms Service Provider
6%
Government
6%
Insurance Company
5%
University
4%
Performing Arts
4%
Healthcare Company
4%
Media Company
4%
Marketing Services Firm
3%
Wholesaler/Distributor
3%
Retailer
3%
Educational Organization
3%
Real Estate/Law Firm
2%
Outsourcing Company
2%
Construction Company
2%
Energy/Utilities Company
2%
Transportation Company
2%
Non Profit
2%
Consumer Goods Company
1%
Logistics Company
1%
Pharma/Biotech Company
1%
Hospitality Company
1%
Legal Firm
1%
Wellness & Fitness Company
1%

Compare Qualys Web Application Scanning with alternative products

Go!

Learn more about Qualys Web Application Scanning

Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

  • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

  • DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.

  • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

  • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.


Benefits of Qualys Web Application Scanning

Qualys Web Application Scanning offers many benefits, including:

  • Quick Deployment: Requires no infrastructure or software to upkeep.

  • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

  • Centralized Management: Manage and mend all web app vulnerabilities through a single interface.

  • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.

  • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

  • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

Reviews from Real Users

Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

Qualys Web Application Scanning was previously known as Qualys WAS.

Qualys Web Application Scanning customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.

Related questions

  • 21
What is the biggest difference between OWASP Zap and Qualys?
  • 173
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 84
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 186
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 140
What are the Top 5 cybersecurity trends in 2022?
  • 71
Which application security solutions include both vulnerability scans and quality checks?
  • 89
We're evaluating Tripwire, what else should we consider?
  • 337
Is SonarQube the best tool for static analysis?
  • 75
Why Do I Need Application Security Software?
  • 109
Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs Qualys Web Application Scanning Logo
SonarQube vs Qualys Web Application Scanning
Snyk vs Qualys Web Application Scanning Logo
Snyk vs Qualys Web Application Scanning
Checkmarx One vs Qualys Web Application Scanning Logo
Checkmarx One vs Qualys Web Application Scanning
GitLab vs Qualys Web Application Scanning Logo
GitLab vs Qualys Web Application Scanning
Veracode vs Qualys Web Application Scanning Logo
Veracode vs Qualys Web Application Scanning
CrowdStrike Falcon Cloud Security vs Qualys Web Application Scanning Logo
CrowdStrike Falcon Cloud Security vs Qualys Web Application Scanning
Coverity Static vs Qualys Web Application Scanning Logo
Coverity Static vs Qualys Web Application Scanning
GitHub Advanced Security vs Qualys Web Application Scanning Logo
GitHub Advanced Security vs Qualys Web Application Scanning
Acunetix vs Qualys Web Application Scanning Logo
Acunetix vs Qualys Web Application Scanning
Mend.io vs Qualys Web Application Scanning Logo
Mend.io vs Qualys Web Application Scanning
OpenText Core Application Security vs Qualys Web Application Scanning Logo
OpenText Core Application Security vs Qualys Web Application Scanning
Sonatype Lifecycle vs Qualys Web Application Scanning Logo
Sonatype Lifecycle vs Qualys Web Application Scanning
OWASP Zap vs Qualys Web Application Scanning Logo
OWASP Zap vs Qualys Web Application Scanning
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning Logo
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning
HCL AppScan vs Qualys Web Application Scanning Logo
HCL AppScan vs Qualys Web Application Scanning
See all alternatives
 
Qualys Web Application Scanning Reviews Summary
Author infoRatingReview Summary
Security Officer at a tech vendor with 10,001+ employees2.5I use Qualys Web Application Scanning mainly for vulnerability management; it's easy to set up with a user-friendly dashboard, though it lacks deep crawling and often flags false positives, requiring manual checks for real impact.
Senior Security Engineer at Charter Communications3.5I use Qualys Web Application Scanning for compliance, focusing on host-based scanning and PCI compliance. Its robust interface and quick detection of vulnerabilities like the OWASP Top 10 stand out. However, false positives need reduction. I prefer it over CrowdStrike, Kenna, and Contrast.
Team Lead, Cyber Security at Uridium Technologies4.0I use Qualys Web Application Scanning for both internal and external asset vulnerability scanning. It's user-friendly and effective, especially with credential scanning. While it's a bit pricey compared to Tenable Nessus, it meets most of our web application needs.
Security Engnr at Infoseck2k4.0I find Qualys WAS impressive for its fast, automated scans, integrated modules, and ease of setup, making it a cost-effective solution. However, it needs improvement in vulnerability discovery, authenticated scans, and UI compared to other tools.
Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech4.0I use Qualys Web Application Scanning for accurate and flexible application scans, integrating it into our CI/CD pipeline. While it minimizes false positives and offers scalability, adding LLM-based features is necessary as AI reliance grows.
Head of Operations, Supply Chain at Lyreco Deutschland GmbH3.5I use Qualys Web Application Scanning as part of our vulnerability management strategy, focusing on web application, container, and infrastructure vulnerabilities. However, building automation is challenging, and it isn't integrated into our SDLC process, limiting its effectiveness. We use AWS.
Cyber security specialist at a financial services firm with 10,001+ employees4.0We use Qualys Web Application Scanning for vulnerability management, appreciating its fast crawling, reduced false positives, and responsive support. While the new UI could be more user-friendly, the solution saves time with automation and improves web application reliability.
Security Consultant at Cognizant4.5I use Qualys Web Application Scanning for vulnerability and web application scanning because it provides features like threat protection and container security. It's complex to navigate compared to Tenable and Rapid7, but scalable with visible ROI and no extra installation costs.