"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"Automatic scanning is a valuable feature and very easy to use."
"The solution is scalable."
"The solution is good at reporting the vulnerabilities of the application."
"The solution has tightened our security."
"They offer free access to some other tools."
"It updates repositories and libraries quickly."
"The stability of the solution is very good."
"It works with many different products."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"It is a very stable solution."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"It is easy to use."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Reporting format has no output, is cluttered and very long."
"Lacks resources where users can internally access a learning module from the tool."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"The solution is unable to customize reports."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"There could be better management and faster scanning."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The virus code updates are not frequent enough."
"The reporting contains too many false positives."
"Deployment can be complicated."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
More Qualys Web Application Scanning Pricing and Cost Advice →
OWASP Zap is ranked 6th in Application Security Testing (AST) with 9 reviews while Qualys Web Application Scanning is ranked 9th in Application Security Testing (AST) with 6 reviews. OWASP Zap is rated 7.2, while Qualys Web Application Scanning is rated 7.6. The top reviewer of OWASP Zap writes "Great at reporting vulnerabilities, helps with security, and reveals development threats well". On the other hand, the top reviewer of Qualys Web Application Scanning writes "Has a good progressive scan feature but the data server needs improvement". OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix, Fortify WebInspect and Invicti, whereas Qualys Web Application Scanning is most compared with Tenable.io Web Application Scanning, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our OWASP Zap vs. Qualys Web Application Scanning report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.