We performed a comparison between Parasoft SOAtest and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The testing time is shortened because we generate test data automatically with SOAtest."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"Since the solution has both command line and automation options, it generates good reports."
"Every imaginable source in the entire world of information technology can be accessed and used."
"If you want something that’s not provided out of the box, then you can write it yourself and integrate it with SOAtest."
"Technical support is helpful."
"The solution is scalable."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"The vulnerability management feature is a strong one. And also the patch management feature."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Tuning the tool takes time because it gives quite a long list of warnings."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"The performance could be a bit better."
"The summary reports could be improved."
"From an automation point of view, it should have better clarity and be more user friendly."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"The reporting contains too many false positives."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The software’s pricing could be improved."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
More Qualys Web Application Scanning Pricing and Cost Advice →
Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews while Qualys Web Application Scanning is ranked 14th in Application Security Testing (AST) with 31 reviews. Parasoft SOAtest is rated 8.2, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Klocwork, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Parasoft SOAtest vs. Qualys Web Application Scanning report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.