We performed a comparison between PortSwigger Burp Suite Professional and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There is no other tool like it. I like the intuitiveness and the plugins that are available."
""The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.""
"You can scan any number of applications and it updates its database."
"Enables automation of different tasks such as authorization testing."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"The most valuable features are Burp Intruder and Burp Scanner."
"I have found the best features to be the performance and there are a lot of additional plugins available."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"The vulnerability management feature is a strong one. And also the patch management feature."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"The solution doesn't offer very good scalability."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"The price could be better. The rest is fine."
"In the Professional version, we cannot link it with the CI/CD process."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"If we're running a huge number of scans regularly, it slows down the tool."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The reporting contains too many false positives."
"The product should allow users to upload their payloads."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"There should be better visibility into the application."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
More Qualys Web Application Scanning Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and SonarQube, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, Fortify WebInspect and Tenable.io Web Application Scanning. See our PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.