
OWASP Zap vs Qualys Web Application Scanning comparison

Find out what your peers are saying about OWASP Zap vs. Qualys Web Application Scanning and other solutions. Updated: January 2022.
564,729 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros

OWASP Zap:
  • "The interface is easy to use."
  • "Simple to use, good user interface."
  • "Automatic scanning is a valuable feature and very easy to use."
  • "They offer free access to some other tools."
  • "The solution is scalable."
  • "The stability of the solution is very good."
  • "Automatic updates and pull request analysis."
  • "The solution is good at reporting the vulnerabilities of the application."

Qualys Web Application Scanning:
  • "It is easy to use."
  • "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
  • "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
  • "It is a very stable solution."
  • "The interface is user-friendly and easy to understand."

Cons

OWASP Zap:
  • "The documentation needs to be improved because I had to learn everything from watching YouTube videos."
  • "The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
  • "The forced browse has been incorporated into the program and it is resource-intensive."
  • "It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
  • "Reporting format has no output, is cluttered and very long."
  • "It would be a great improvement if they could include a marketplace to add extra features to the tool."
  • "Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
  • "Too many false positives; test reports could be improved."

Qualys Web Application Scanning:
  • "The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
  • "The reporting contains too many false positives."
  • "When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
  • "Deployment can be complicated."
  • "The virus code updates are not frequent enough."
  • "The scanner reports a lot of false positives, which is something that needs to be improved."

Pricing and Cost Advice

OWASP Zap:
  • "This is an open-source solution and can be used free of charge."
  • "This solution is open source and free."

Qualys Web Application Scanning:
  • "There are different options available with respect to licensing."
  • "The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
  • "We are on an annual license for the solution and the pricing could be more affordable."

    Questions from the Community
    Top Answer: OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with…
    Top Answer: It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display).
    Top Answer: I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and…
    Top Answer: We are on an annual license for the solution and the pricing could be more affordable.
    Top Answer: When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what…
    Ranking
    OWASP Zap
      Views: 31,876
      Comparisons: 21,072
      Reviews: 9
      Average Words per Review: 471
      Rating: 7.0
    Qualys Web Application Scanning
      Views: 9,100
      Comparisons: 5,992
      Reviews: 5
      Average Words per Review: 489
      Rating: 7.6
    Also Known As
    Qualys WAS
    Overview

    Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.

    Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. It also proactively scans websites for malware infections, sending alerts to website owners to help prevent blacklisting and brand reputation damage.
    Sample Customers
    OWASP Zap: Information Not Available
    Qualys Web Application Scanning: BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
    Top Industries
    OWASP Zap
      REVIEWERS
        Computer Software Company: 27%
        Financial Services Firm: 18%
        Retailer: 9%
        Manufacturing Company: 9%
      VISITORS READING REVIEWS
        Computer Software Company: 30%
        Comms Service Provider: 25%
        Government: 6%
        Financial Services Firm: 5%
    Qualys Web Application Scanning
      REVIEWERS
        Financial Services Firm: 50%
        Comms Service Provider: 13%
        Computer Software Company: 13%
        Recruiting/Hr Firm: 13%
      VISITORS READING REVIEWS
        Computer Software Company: 30%
        Comms Service Provider: 16%
        Financial Services Firm: 8%
        Government: 6%
    Company Size
    REVIEWERS
      Small Business: 18%
      Midsize Enterprise: 32%
      Large Enterprise: 50%
    VISITORS READING REVIEWS
      Small Business: 14%
      Midsize Enterprise: 16%
      Large Enterprise: 71%
    REVIEWERS
      Small Business: 10%
      Midsize Enterprise: 15%
      Large Enterprise: 75%

    OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews while Qualys Web Application Scanning is ranked 9th in Application Security Testing (AST) with 4 reviews. OWASP Zap is rated 7.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". On the other hand, the top reviewer of Qualys Web Application Scanning writes "Has a good progressive scan feature but the data server needs improvement". OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix by Invicti, Fortify WebInspect and Netsparker by Invicti, whereas Qualys Web Application Scanning is most compared with Veracode, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning.


    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.