Qualys Web Application Scanning and GitHub operate in the cybersecurity and source code management spaces. Users may find GitHub has the upper hand due to its emphasis on collaboration and ease of integration with development tools.
Features: Qualys Web Application Scanning offers integration with Selenium IDE, comprehensive protection against zero-day vulnerabilities, and scalability for large environments. It provides vulnerability and patch management with robust API integrations. GitHub is known for its superior source code management with features like branching, merging, and collaboration tools such as Git Hooks and compatibility with Jenkins, which enhances its utility in development workflows.
Room for Improvement: Qualys Web Application Scanning could improve in detecting false positives, enhancing API integration, and offering a simplified UI. Users seek better reporting and inclusion of business logic vulnerability detection. GitHub may benefit from facilitating better integration with various development tools, easing license management, and enhancing its security features while optimizing its project management capabilities.
Ease of Deployment and Customer Service: Qualys Web Application Scanning supports hybrid, private, and public cloud deployments, though customer support may seem impersonal, with a need for more active customer engagement. In contrast, GitHub, primarily focused on public cloud environments, ensures easy deployments for development teams. Customer support is good but can lack personalization for more complex organizational needs.
Pricing and ROI: Qualys Web Application Scanning is considered expensive, justified through its comprehensive security features, though its asset count-based licensing can be complex. The tool offers good ROI through productivity gains. GitHub provides a cost-effective approach with free plans for basic features and tiered pricing for advanced tools, making it especially appealing for agile startups and educational institutions, presenting lower financial barriers compared to Qualys.
The technical support from GitHub is generally good, and they communicate effectively.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
At one point, there was a limitation on reporting for 100,000 assets at a time.
It is licensed for assets, so we just contact the team for additional licenses if needed.
It provides a reliable environment for code management.
If a skilled developer uses it, it is ten out of ten for stability.
GitHub is mostly stable, but there can be occasional hiccups.
One area for improvement in GitHub could be integration with other tools, such as test management or project management tools.
There are still areas for improvement with GitHub Actions and their deployment workflows, as they have made significant progress but are not yet polished.
When solving merge conflicts, it would be helpful to have tooltips within the actions to know what changes could happen next when resolving a conflict.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
Normally, GitHub is not expensive, but it would be welcome if it reduces costs for developing countries.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
GitHub Actions for CI/CD implementation.
For branching, it works well, especially in an agile environment.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
It is recognized as one of the best tools for web application security from a development perspective.
The product helps by providing options for remediating vulnerabilities it finds, making it really useful.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
