IT Central Station is now PeerSpot: Here's why

PortSwigger Burp Suite Professional vs Qualys Web Application Scanning comparison

Cancel
You must select at least 2 products to compare!
Featured Review
Buyer's Guide
PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning
July 2022
Find out what your peers are saying about PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning and other solutions. Updated: July 2022.
622,063 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Good static analysis and dynamic analysis.""The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.""The Veracode technical support is very good. They are responsive and very knowledgeable.""One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable.""Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers.""The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards.""Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool.""The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."

More Veracode Pros →

"The solution is stable.""PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.""We use the solution for vulnerability assessment in respect of the application and the sites.""The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs.""I have found the best features to be the performance and there are a lot of additional plugins available.""In my area of expertise, I feel like it has almost everything I could possibly require at this moment.""The most valuable feature is Burp Collaborator.""The solution has a pretty simple setup."

More PortSwigger Burp Suite Professional Pros →

"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile).""It is easy to use.""It is a very stable solution.""Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers.""I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews.""It works with many different products."

More Qualys Web Application Scanning Pros →

Cons
"Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated.""The solution could improve the Dynamic Analysis Security Testing(DAST).""The training lab is not very user-friendly and takes a long time to set up.""Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.""The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it.""We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it.""The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there.""The product has issues with scanning."

More Veracode Cons →

"The price could be better. The rest is fine.""There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment.""There is not much automation in the tool.""One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome.""PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try.""I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us.""The reporting needs to be improved; it is very bad.""The use of system memory is an area that can be improved because it uses a lot."

More PortSwigger Burp Suite Professional Cons →

"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans.""There could be better management and faster scanning.""Sometimes the response time is low because the handshake fails, and then you have to re-login and start again.""The reporting contains too many false positives.""When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem.""The virus code updates are not frequent enough.""Deployment can be complicated."

More Qualys Web Application Scanning Cons →

Pricing and Cost Advice
  • "I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."
  • "Veracode's price is high. I would like them to better optimize their pricing."
  • "If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
  • "Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
  • "We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • More Veracode Pricing and Cost Advice →

  • "At $400 or $500 per license paid annually, it is a very cheap tool."
  • "PortSwigger is reasonably-priced. It's fair."
  • "It has a yearly license. I am satisfied with its price."
  • "We are using the community version, which is free."
  • "It is expensive for us in Brazil because the currency exchange rate from a dollar to a Brazilian Real is quite steep."
  • "The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them."
  • "It's a lower priced tool that we can rely on with good standard mechanisms."
  • "This solution requires a license. It is expensive but you receive a lot of functionality for the price."
  • More PortSwigger Burp Suite Professional Pricing and Cost Advice →

  • "The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
  • "We are on an annual license for the solution and the pricing could be more affordable."
  • "Qualys WAS' pricing is competitive."
  • More Qualys Web Application Scanning Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    622,063 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM… more »
    Top Answer:Veracode recently introduced some pricing based on microservices. This model gives us a lot of flexibility in being able… more »
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available… more »
    Top Answer:I’m not aware of the pricing side of things. It might have been paid monthly, however, I don’t know much more than that.
    Top Answer:Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security… more »
    Top Answer:Sometimes the response time is low because the handshake fails, and then you have to re-login and start again. In the… more »
    Comparisons
    Also Known As
    Burp
    Qualys WAS
    Learn More
    Overview

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

    PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

    Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

    Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

    Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

    • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

    • DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.

    • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

    • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.


    Benefits of Qualys Web Application Scanning

    Qualys Web Application Scanning offers many benefits, including:

    • Quick Deployment: Requires no infrastructure or software to upkeep.

    • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

    • Centralized Management: Manage and mend all web app vulnerabilities through a single interface.

    • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.

    • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

    • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

    Reviews from Real Users

    Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

    P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

    Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

    Offer
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Learn more about PortSwigger Burp Suite Professional
    Learn more about Qualys Web Application Scanning
    Sample Customers
    State of Missouri, Rekner
    Google, Amazon, NASA, FedEx, P&G, Salesforce
    BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
    Top Industries
    REVIEWERS
    Financial Services Firm31%
    Insurance Company11%
    Computer Software Company11%
    Healthcare Company7%
    VISITORS READING REVIEWS
    Computer Software Company26%
    Comms Service Provider14%
    Financial Services Firm12%
    Manufacturing Company7%
    REVIEWERS
    Manufacturing Company32%
    Financial Services Firm26%
    Comms Service Provider11%
    Computer Software Company11%
    VISITORS READING REVIEWS
    Comms Service Provider26%
    Computer Software Company24%
    Government7%
    Financial Services Firm5%
    REVIEWERS
    Financial Services Firm40%
    Non Tech Company10%
    Educational Organization10%
    Pharma/Biotech Company10%
    VISITORS READING REVIEWS
    Computer Software Company26%
    Comms Service Provider14%
    Financial Services Firm10%
    Insurance Company5%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise27%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    REVIEWERS
    Small Business18%
    Midsize Enterprise18%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise18%
    Large Enterprise62%
    REVIEWERS
    Small Business13%
    Midsize Enterprise13%
    Large Enterprise74%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise16%
    Large Enterprise65%
    Buyer's Guide
    PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning
    July 2022
    Find out what your peers are saying about PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning and other solutions. Updated: July 2022.
    622,063 professionals have used our research since 2012.

    PortSwigger Burp Suite Professional is ranked 5th in Application Security Tools with 20 reviews while Qualys Web Application Scanning is ranked 12th in Application Security Tools with 5 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of PortSwigger Burp Suite Professional writes "Best for manual penetration testing, a great user interface, and offers good scanning capabilities". On the other hand, the top reviewer of Qualys Web Application Scanning writes "We like its process of updating signatures, and it's way ahead of its industry peers. ". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, Invicti and HCL AppScan, whereas Qualys Web Application Scanning is most compared with Tenable.io Web Application Scanning, OWASP Zap, SonarQube, Fortify WebInspect and Snyk. See our PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.