Qualys Web Application Scanning vs Tenable.io Web Application Scanning comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Qualys Web Application Scanning and Tenable.io Web Application Scanning based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Qualys Web Application Scanning vs. Tenable.io Web Application Scanning Report (Updated: November 2022).
655,113 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place.""You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs.""Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed.""The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA.""It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage.""Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool.""It's comprehensive from a feature standpoint.""The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."

More Veracode Pros →

"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews.""Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers.""Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile).""It works with many different products."

More Qualys Web Application Scanning Pros →

"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on.""The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful.""Tenable provides the end analysis results covering all the published vulnerabilities and information on the market.""Tenable.io Web Application Scanning is very easy to use.""The solution is stable.""It is fully automated."

More Tenable.io Web Application Scanning Pros →

Cons
"There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed.""The product has issues with scanning.""Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated.""The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it.""The reports on offer are too verbose.""The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that there is a security flaw. The report is not perfectly accurate. So, the accuracy of the scanning reports needs improvement.""The solution could improve the Dynamic Analysis Security Testing(DAST).""The training lab is not very user-friendly and takes a long time to set up."

More Veracode Cons →

"There could be better management and faster scanning.""We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans.""Sometimes the response time is low because the handshake fails, and then you have to re-login and start again.""When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."

More Qualys Web Application Scanning Cons →

"Tenable.io Web Application Scanning could improve by offering faster fuzzing.""They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap.""It isn't easy to manage vulnerabilities in Tenable.""The report customization needs to be better.""The reporting has a very limited customization capability.""The dashboard could be more user-friendly."

More Tenable.io Web Application Scanning Cons →

Pricing and Cost Advice
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • "Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."
  • "From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
  • "The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
  • "It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."
  • More Veracode Pricing and Cost Advice →

  • "We are on an annual license for the solution and the pricing could be more affordable."
  • "Qualys WAS' pricing is competitive."
  • More Qualys Web Application Scanning Pricing and Cost Advice →

  • "It follows the same licensing scheme as Tenable.io and Tenable. sc."
  • "The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
  • More Tenable.io Web Application Scanning Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    655,113 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You… more »
    Top Answer:The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that… more »
    Ask a question

    Earn 20 points

    Top Answer:The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities.
    Top Answer:It would be great if there were a dashboard that is more user-friendly. We had some trouble integrating with ZeroNorth… more »
    Top Answer:For assets, this is a good product and I recommend it. We have done some other PoCs and in comparison, I think… more »
    Comparisons
    Also Known As
    Qualys WAS
    Learn More
    Overview

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

    Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

    Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

    • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

    • DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.

    • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

    • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.


    Benefits of Qualys Web Application Scanning

    Qualys Web Application Scanning offers many benefits, including:

    • Quick Deployment: Requires no infrastructure or software to upkeep.

    • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

    • Centralized Management: Manage and mend all web app vulnerabilities through a single interface.

    • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.

    • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

    • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

    Reviews from Real Users

    Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

    P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

    Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

    Tenable.io Web Application Scanning safely, accurately and automatically scans your web applications, providing deep visibility into vulnerabilities and valuable context to prioritize remediation.

    Offer
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Learn more about Qualys Web Application Scanning
    Learn more about Tenable.io Web Application Scanning
    Sample Customers
    State of Missouri, Rekner
    BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
    IMDEX
    Top Industries
    REVIEWERS
    Financial Services Firm31%
    Insurance Company11%
    Computer Software Company11%
    Healthcare Company7%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Financial Services Firm15%
    Comms Service Provider10%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm40%
    Recruiting/Hr Firm10%
    Educational Organization10%
    Non Tech Company10%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Financial Services Firm12%
    Comms Service Provider9%
    Insurance Company6%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Government10%
    Financial Services Firm10%
    Comms Service Provider9%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise27%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise13%
    Large Enterprise71%
    REVIEWERS
    Small Business13%
    Midsize Enterprise13%
    Large Enterprise74%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise15%
    Large Enterprise66%
    REVIEWERS
    Small Business44%
    Midsize Enterprise11%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise17%
    Large Enterprise66%
    Buyer's Guide
    Qualys Web Application Scanning vs. Tenable.io Web Application Scanning
    November 2022
    Find out what your peers are saying about Qualys Web Application Scanning vs. Tenable.io Web Application Scanning and other solutions. Updated: November 2022.
    655,113 professionals have used our research since 2012.

    Qualys Web Application Scanning is ranked 19th in Application Security Tools with 4 reviews while Tenable.io Web Application Scanning is ranked 13th in Application Security Tools with 6 reviews. Qualys Web Application Scanning is rated 7.8, while Tenable.io Web Application Scanning is rated 8.0. The top reviewer of Qualys Web Application Scanning writes "We like its process of updating signatures, and it's way ahead of its industry peers. ". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Collects the vulnerabilities on the hostnames and sends them to the cloud". Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Snyk, whereas Tenable.io Web Application Scanning is most compared with Acunetix, PortSwigger Burp Suite Professional, SonarQube, Micro Focus Fortify on Demand and Invicti. See our Qualys Web Application Scanning vs. Tenable.io Web Application Scanning report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.