Qualys Web Application Scanning and Checkmarx One compete in the web application security and code analysis sector. Checkmarx One seems to have the upper hand due to its comprehensive code scanning without requiring code compilation and extensive language support.
Features: Qualys Web Application Scanning offers seamless integration with Selenium IDE, zero-day vulnerability protection, and comprehensive reporting. It excels in API integration and has a low rate of false positives. Checkmarx One provides thorough code scanning without the need for compilation, supports incremental scanning, and a wide range of programming languages. It integrates easily with popular repositories, enhancing secure coding skills among developers.
Room for Improvement: Qualys Web Application Scanning could reduce false positives further, enhance application visibility, and simplify its complex pricing structure. Meanwhile, Checkmarx One should aim to reduce false positives, improve dynamic application testing, and refine its user interface. Expanding integration options for more languages would also be beneficial.
Ease of Deployment and Customer Service: Qualys Web Application Scanning is cloud-based, allowing easy deployment across cloud environments with generally responsive customer service. Checkmarx One provides deployment flexibility with support for hybrid and on-premises setups. Its support is noted for effective issue resolution, despite needing some user interface improvements.
Pricing and ROI: Qualys Web Application Scanning is considered costly but offers significant ROI by reducing failure rates in web applications. Checkmarx One, though expensive, is valued for its comprehensive coverage and ROI in enhancing software security. Customers often negotiate their pricing for flexible licensing arrangements.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
I would rate the stability of this solution a nine on a scale of 1 to 10 where one is low stability and 10 is high.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities.
It is recognized as one of the best tools for web application security from a development perspective.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
