No more typing reviews! Try our Samantha, our new voice AI agent.

Qualys Web Application Scanning vs Trustwave App Scanner [EOL] comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys Web Application Scan...
Average Rating
7.6
Reviews Sentiment
6.3
Number of Reviews
40
Ranking in other categories
Application Security Tools (17th), Static Application Security Testing (SAST) (14th)
Trustwave App Scanner [EOL]
Average Rating
7.6
Number of Reviews
5
Ranking in other categories
No ranking in other categories
 

Featured Reviews

AnkitSharma13 - PeerSpot reviewer
Security Officer at a tech vendor with 10,001+ employees
Web scanning needs improvement but offers good vulnerability detection
The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does. If Qualys Web Application Scanning could improve its crawling capability, it would be more user-friendly. Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities, which isn't as beneficial from my point of view. The Vulnerability Management also relies heavily on version numbers and will flag vulnerabilities based on the component version, but it doesn't check if a real fix exists, leading to flags on components that actually have workarounds available.
Securityd276 - PeerSpot reviewer
Security Manager at a healthcare company with 1,001-5,000 employees
Stable solution that has increased the maturity of our security program
I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities. For the most part, it fits our needs but a little more flexibility would be great. I would also like to have more information on AI. If we start to deploy AI in our infrastructure, does it cover that as well?

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The vulnerability management feature is a strong one. And also the patch management feature."
"Qualys Web Application Scanning is very stable and reliable."
"WAS gave us visibility into our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for."
"​This product is designed for easy scalability and can easily scale up ​without major challenges."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"Key features include: Cloud-based, so the installation is not so tedious, easily deployed, highly scalable, and provides comprehensive reporting."
"Go ahead and use Hailstorm as it's the best dynamic code analysis tool one can invest in and it gives a better ROI than most."
"The stability is great. We haven't had any issues at all with it."
"Web application security testing is a valuable feature."
"This scanner was more efficient compared to its competitors."
"The simple fact that it puts us in a better place for identifying our vulnerabilities is a form of ROI."
"Trustwave App Scanner makes it really easy and convenient for us to notify the website owners before the scans, as well as providing the scan results."
 

Cons

"We are researching open source software because Qualys needs to improve their reports and the documentation for the end-users in resolving scanned issues."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does."
"The authenticated scanning feature could be improved by adding support for real-time scanning tokens and authorization tokens."
"Deployment can be complicated."
"The software’s pricing could be improved."
"They should try to include business logic vulnerabilities in the scanner testing."
"The licensing and user permissions are a little wonky for a DevOps team to use, probably because it’s traditionally an InfoSec tool."
"One feature that I would really want is the number of total applications in the web GUI; after selecting a filter on the applications, it would be really helpful if it shows the number of applications."
"Used to crash/freeze due to poor performance, not sure about newer versions."
"It was complex as I have to make sure all the requirements are in place before on-boarding Hailstorm."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
"It doesn't support modern web technologies such as GWT, Angular, JS etc."
 

Pricing and Cost Advice

"We are on an annual license for the solution and the pricing could be more affordable."
"The product has a very good licensing model."
"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."
"We normally purchase an annual license."
"Qualys WAS' pricing is competitive."
"Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band or the 3000 or 5000 band, then they will give you the quotation for it. Once you pay for it, applying the licensing is quite easy and effective."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
"From my perspective, it is a budget-friendly option."
Information not available
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
903,257 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Manufacturing Company
12%
Computer Software Company
8%
Construction Company
7%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise27
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Qualys Web Application Scanning?
Regarding pricing, I think for personal use, it is costly, but if organizations are ready to pay, then it is fine as they are using it.
What needs improvement with Qualys Web Application Scanning?
The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does...
What is your primary use case for Qualys Web Application Scanning?
I use Qualys Web Application Scanning, and we are using Vulnerability Management. By Vulnerability Management, I mean not TotalCloud; they have some on-premises solutions also. Patch Management and...
Ask a question
Earn 20 points
 

Also Known As

Qualys WAS
Hailstorm, Cenzic Hailstorm
 

Overview

 

Sample Customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Leading Health Insurer
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: June 2026.
903,257 professionals have used our research since 2012.