Qualys Web Application Scanning and Klocwork compete in application security and code analysis sectors. Qualys is often favored for ease of use and scanning capabilities, while Klocwork stands out for detailed code analysis and fault detection.
Features: Qualys Web Application Scanning offers a user-friendly interface, efficient vulnerability scanning, and automation of scanning processes. It integrates seamlessly with existing workflows, increasing its appeal. Klocwork provides advanced static code analysis, enabling early identification of security vulnerabilities. Supporting numerous programming languages, it adapts well to various coding environments.
Room for Improvement: Qualys Web Application Scanning could enhance the detail in scan reports and improve customization options. Users also suggest that reporting precision could be advanced. Klocwork might benefit from more frequent updates and comprehensive user guidance documentation. Enhancements in tutorial resources could also aid user experience.
Ease of Deployment and Customer Service: Qualys Web Application Scanning is recognized for straightforward deployment and responsive customer support, which simplifies integration. Klocwork, though robust in support, is seen as more complex to deploy, requiring additional technical skills.
Pricing and ROI: Qualys Web Application Scanning is viewed as cost-effective, delivering good ROI with competitive pricing. Klocwork, with a higher initial cost, is deemed worthwhile due to extensive features, offering substantial ROI for organizations utilizing its analysis capabilities.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
During the initial phase, there was a need for follow-ups and clarifications.
They have various options in the vulnerability management process, and when we initially bought our license, we didn't realize we needed PCI for better results, which isn't included in the default configurations.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
My concern remains the lack of deep dive analysis and that it produces similar vulnerability results as other tools such as Nessus based on version checks instead of real impact checks.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
Installation is easy, and the solution is stable.
There are too many warnings, and it requires expertise to determine the correct category for them.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
It is less expensive than Coverity.
The solution is not very cheap, however, it is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
Regarding pricing, I think for personal use, it is costly, but if organizations are ready to pay, then it is fine as they are using it.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Its integration with the CI/CD pipeline has helped streamline the software development process.
It takes just half a day to set up.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities.
Qualys Web Application Scanning is accurate and provides minimal false positives.
| Product | Mindshare (%) |
|---|---|
| Qualys Web Application Scanning | 1.8% |
| Klocwork | 1.4% |
| Other | 96.8% |
| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 2 |
| Large Enterprise | 13 |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 6 |
| Large Enterprise | 27 |
Klocwork offers advanced static code analysis with integration capabilities for enhanced development efficiency, supporting various development environments and providing clear defect reports. It streamlines software development by reducing defects and improving code quality.
Klocwork integrates seamlessly into CI/CD pipelines, providing real-time and incremental analysis to identify and rectify code defects quickly. It supports multiple integrated development environments (IDEs) and minimizes false positives in its analysis. While primarily supporting C/C++, Java, and C#, there is a need to expand language support and enhance its static analysis engine. The tool assists in adhering to industry standards with features like automated code parsing and MISRA compliance checks. Ease of setup and collaboration capabilities further promotes efficiency, although the dashboard could benefit from user-friendly updates and better integration with Agile tools.
What are the primary features of Klocwork?Klocwork is extensively implemented in industries that prioritize software quality and security standards, particularly in environments focused on C/C++ development on Linux systems. Its capabilities in automated code parsing, traffic analysis, and support for DevOps integration make it invaluable for industries requiring strict MISRA compliance and internal standards adherence. By aiding refactoring and detecting memory-related vulnerabilities, Klocwork contributes to the maintainability and security standards in these sectors.
Qualys Web Application Scanning offers advanced vulnerability management, progressive scheduling, and seamless integration with DevOps environments. Its user-friendly design enables enterprises to enhance security with comprehensive scanning and detailed forensic insights.
Qualys Web Application Scanning addresses enterprise-level security challenges by providing robust solutions for vulnerability management, penetration testing, and compliance checks. While easing the navigation process, it supports risk mitigation with precise risk ratings, minimal false positives, and detailed reporting. However, it faces challenges with its complex interface, authenticated scanning, and automation features. Integrating smoothly with CI/CD pipelines, it is suitable for continuous and automated scanning, adapting to diverse company requirements.
What are the standout features of Qualys Web Application Scanning?Organizations across sectors like education, banking, and international data centers leverage Qualys Web Application Scanning for conducting penetration testing, scanning web applications, and managing vulnerabilities. It aids in audit security and compliance, identifying threats, and generating user-friendly reports, making it a valuable asset for maintaining strong security postures.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
