Veracode and Qualys Web Application Scanning are competitors in the application security space, focusing on facilitating vulnerability detection and management. When evaluating their features, Veracode appears to have the upper hand due to its comprehensive integration capabilities and developer training resources.
Features: Veracode offers security features like static and dynamic analysis, and software composition analysis, supported by Security Labs for developer training. It integrates effectively within the development pipeline, providing detailed vulnerability reports and maintaining a low false positive rate. Qualys Web Application Scanning provides comprehensive coverage with detailed reports focused on vulnerability management and real-time monitoring, excelling in seamless integration for web application scanning.
Room for Improvement: Veracode needs to enhance its false positive rates, scanning speed, and integration with tools like JFrog Artifactory. It could also offer a more intuitive user interface and comprehensive training resources. Qualys could improve by offering more flexible pricing models, a better user interface, reduced false positives, and more adaptable integration options.
Ease of Deployment and Customer Service: Veracode deploys smoothly across public, private, and hybrid cloud environments, though some users report slowdowns. Its consultation features are praised, although support response times can vary. Qualys provides similar cloud deployment options but faces challenges in ease of use and initial setup, requiring clearer documentation and integration guidance.
Pricing and ROI: Veracode is perceived as a higher-priced solution with flexible licensing options, offering significant ROI through developer time savings and enhanced security, often more suitable for larger enterprises. Qualys also has a high price point with some licensing flexibility, delivering competitive value via bulk discounts and cost-effective features, appealing to broader enterprises seeking comprehensive security solutions.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
Access to the engineering team is crucial for faster feedback on the product fix process.
They are very responsive and quick to help with queries within our scope.
They respond very quickly since security is something critical.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities.
Qualys Web Application Scanning is accurate and provides minimal false positives.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
