Qualys Web Application Scanning and GitHub are competitors in web security and source code management, respectively. Qualys leads in web security features and vulnerability detection, while GitHub excels in source code management and collaboration tools.
Features: Qualys Web Application Scanning offers robust zero-day vulnerability detection, comprehensive web security features, and OWASP Top 10 scanning. GitHub provides efficient code versioning, extensive security with SSH keys, and strong collaboration tools, supporting public repositories and integrations.
Room for Improvement: Qualys should focus on reducing false positives, enhancing API flexibility, and simplifying deployment. GitHub needs better conflict resolution in merges, more advanced security features, and improved integrations with project management tools.
Ease of Deployment and Customer Service: Qualys provides flexible deployment models across hybrid, public, and private clouds but can be complex. GitHub is smoothly deployed on public and hybrid clouds, and both offer adequate customer service, with Qualys providing 24/7 support.
Pricing and ROI: Qualys has a competitive licensing model but becomes costly as assets grow, showing strong ROI in reduced security failures. GitHub offers free and enterprise options, noted for cost-effectiveness and significant ROI, especially for small teams and educational use, despite cumbersome licensing management.
The technical support from GitHub is generally good, and they communicate effectively.
Some forums help you get answers faster since you just type in your concern and see resolutions from other engineers.
I have not used GitHub's technical support extensively because there are many resources and a robust knowledge base available due to the large user community.
They have various options in the vulnerability management process, and when we initially bought our license, we didn't realize we needed PCI for better results, which isn't included in the default configurations.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
We have never had a problem with scalability, so I would rate it at least eight to nine.
GitHub is more scalable than on-prem solutions, allowing for cloud-based scaling which is beneficial for processing large workloads efficiently.
My concern remains the lack of deep dive analysis and that it produces similar vulnerability results as other tools such as Nessus based on version checks instead of real impact checks.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
If a skilled developer uses it, it is ten out of ten for stability.
It provides a reliable environment for code management.
GitHub is mostly stable, but there can be occasional hiccups.
When working with the CI/CD pipeline and somebody is writing the workflow file, it would be best to include the AI feature so if they write incorrect code, it will notify me about it in the same dashboard, eliminating the need to use third-party tools to review the file.
One area for improvement in GitHub could be integration with other tools, such as test management or project management tools.
I would like to see some AI functionality included in GitHub, similar to the features seen in GitLab, to enhance productivity.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
Normally, GitHub is not expensive, but it would be welcome if it reduces costs for developing countries.
The pricing of GitHub is reasonable, with the cost being around seven dollars per user per month for private repositories.
The pricing of GitHub depends on the choice of solutions, such as building one's own GitHub Runners to save money or using GitHub's Runners with extra costs.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
Regarding pricing, I think for personal use, it is costly, but if organizations are ready to pay, then it is fine as they are using it.
The pull request facility for code review.
GitHub Actions allow for creating multiple jobs that run in different stages such as build, test, and deploy, which enable better visibility and control over the deployment pipeline.
For branching, it works well, especially in an agile environment.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities.
Qualys Web Application Scanning is accurate and provides minimal false positives.
| Product | Market Share (%) |
|---|---|
| GitHub | 0.9% |
| Qualys Web Application Scanning | 2.0% |
| Other | 97.1% |
| Company Size | Count |
|---|---|
| Small Business | 42 |
| Midsize Enterprise | 12 |
| Large Enterprise | 48 |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 6 |
| Large Enterprise | 27 |
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
