No more typing reviews! Try our Samantha, our new voice AI agent.
Qualys Web Application Scanning Logo

Qualys Web Application Scanning pros and cons

Vendor: Qualys
3.8 out of 5
Leave a review

Pros & Cons summary

Qualys Web Application Scanning offers comprehensive vulnerability management with cloud-based scalability and seamless integration enhancing patch management and PCI compliance. Progressive scanning and rapid updates aid vulnerability detection; however, false positives and high pricing pose challenges. Although automated scanning reduces manual effort, concurrent scanning limits scalability. Detailed reports support compliance, yet complex setups and lack of real-time scanning limit efficiency. Pricing and execution complexities impact large deployments significantly.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

QualysGuard provides fast and assured results for external and PCI scans.
It easily scales without major challenges and offers comprehensive cloud-based and easily deployable features.
It integrates well with other tools and creates comprehensive reports, making remediation easy.
Its single console provides consolidated reporting from on-prem to cloud compliance, covering multiple security aspects.
It ensures accurate scans with minimal false positives and provides valuable features like patch and vulnerability management.

CONS

Qualys Web Application Scanning has issues with false positives, which could be reduced with algorithm improvements.
Pricing for Qualys Web Application Scanning is considered expensive and should be more competitive.
Qualys Web Application Scanning lacks full platform coverage for the Policy Compliance model, which needs enhancement.
Concurrent scan capabilities in Qualys Web Application Scanning are limited, making scalability challenging.
Qualys Web Application Scanning does not support automatic crawling and deep testing compared to competitors like IBM AppScan.
 

Qualys Web Application Scanning Pros review quotes

it_user335103 - PeerSpot reviewer
it_user335103
Info-Security Consultant at a financial services firm with 1,001-5,000 employees
Oct 30, 2015
It protects against zero-day vulnerabilities, like Heartbleed.
Read full review
it_user488199 - PeerSpot reviewer
it_user488199
Senior Security Systems Engineer at a computer software company with 501-1,000 employees
Jul 25, 2016
WAS gave us visibility into our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for.
Read full review
it_user494979 - PeerSpot reviewer
it_user494979
Module Lead with 1,001-5,000 employees
Aug 11, 2016
Qualys is perfect, scalability-wise.
Read full review
Buyer's Guide
Qualys Web Application Scanning
April 2026
Free Report: Qualys Web Application Scanning Reviews and More
Learn what your peers think about Qualys Web Application Scanning. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
887,041 professionals have used our research since 2012.
it_user395523 - PeerSpot reviewer
it_user395523
Sr. Director, Cloud Platform Engineering at a tech vendor with 5,001-10,000 employees
Jun 30, 2017
We’re a Linux shop and Qualys gave us good Linux vulnerability scanning; it reports only a few glaring false-positive errors, and the long baseline of iterative results was valuable to track changes and our rate of improvement while access to the API let us automate its use in our CI/CD pipeline for machine images.
Read full review
it_user700140 - PeerSpot reviewer
it_user700140
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Feb 18, 2018
​QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.​
Read full review
it_user563475 - PeerSpot reviewer
it_user563475
Deputy Manager at a tech services company with 10,001+ employees
Feb 28, 2018
Network scanner has good reporting, coverage was also good.
Read full review
CybSec9734 - PeerSpot reviewer
CybSec9734
Cyber Security Consultant at a tech services company with 10,001+ employees
May 15, 2018
Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting.
Read full review
Reviewer32192 - PeerSpot reviewer
Reviewer32192
Delivery Manager at a tech vendor with 1,001-5,000 employees
Aug 2, 2018
We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not.
Read full review
Daniel_Ndiba - PeerSpot reviewer
Daniel_Ndiba
Assistant Manager - Cyber & Cloud Security at a financial services firm with 1,001-5,000 employees
Aug 16, 2018
It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools.
Read full review
Consultab6ea - PeerSpot reviewer
Consultab6ea
Consultant at a tech services company with 1,001-5,000 employees
Aug 22, 2019
The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level.
Read full review
Show 10 more reviews (out of 37)
 

Qualys Web Application Scanning Cons review quotes

it_user335103 - PeerSpot reviewer
it_user335103
Info-Security Consultant at a financial services firm with 1,001-5,000 employees
Oct 30, 2015
It's missing some zero-day patches.
Read full review
it_user488199 - PeerSpot reviewer
it_user488199
Senior Security Systems Engineer at a computer software company with 501-1,000 employees
Jul 25, 2016
The organization of the assets was a little confusing and overwhelming.
Read full review
it_user494979 - PeerSpot reviewer
it_user494979
Module Lead with 1,001-5,000 employees
Aug 11, 2016
The tool should have a live HTTP editor and more configuration options for some situations, such as handling applications that have URL rewriting enabled.
Read full review
Buyer's Guide
Qualys Web Application Scanning
April 2026
Free Report: Qualys Web Application Scanning Reviews and More
Learn what your peers think about Qualys Web Application Scanning. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
887,041 professionals have used our research since 2012.
it_user395523 - PeerSpot reviewer
it_user395523
Sr. Director, Cloud Platform Engineering at a tech vendor with 5,001-10,000 employees
Jun 30, 2017
The licensing and user permissions are a little wonky for a DevOps team to use, probably because it’s traditionally an InfoSec tool.
Read full review
it_user700140 - PeerSpot reviewer
it_user700140
Ex Senior Security Analyst and Onsite consultant at Paladion Networks
Feb 18, 2018
They should try to include business logic vulnerabilities in the scanner testing.
Read full review
it_user563475 - PeerSpot reviewer
it_user563475
Deputy Manager at a tech services company with 10,001+ employees
Feb 28, 2018
Please add manual penetration testing features. Also I didn't like the license terms and the features were limited compared to other tools used for web applications.
Read full review
CybSec9734 - PeerSpot reviewer
CybSec9734
Cyber Security Consultant at a tech services company with 10,001+ employees
May 15, 2018
The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes.
Read full review
Reviewer32192 - PeerSpot reviewer
Reviewer32192
Delivery Manager at a tech vendor with 1,001-5,000 employees
Aug 2, 2018
In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us.
Read full review
Daniel_Ndiba - PeerSpot reviewer
Daniel_Ndiba
Assistant Manager - Cyber & Cloud Security at a financial services firm with 1,001-5,000 employees
Aug 16, 2018
The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected.
Read full review
Consultab6ea - PeerSpot reviewer
Consultab6ea
Consultant at a tech services company with 1,001-5,000 employees
Aug 22, 2019
It should have better automatic reporting.
Read full review
Show 10 more reviews (out of 37)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs Qualys Web Application Scanning Logo
SonarQube vs Qualys Web Application Scanning
Snyk vs Qualys Web Application Scanning Logo
Snyk vs Qualys Web Application Scanning
Checkmarx One vs Qualys Web Application Scanning Logo
Checkmarx One vs Qualys Web Application Scanning
GitLab vs Qualys Web Application Scanning Logo
GitLab vs Qualys Web Application Scanning
Veracode vs Qualys Web Application Scanning Logo
Veracode vs Qualys Web Application Scanning
CrowdStrike Falcon Cloud Security vs Qualys Web Application Scanning Logo
CrowdStrike Falcon Cloud Security vs Qualys Web Application Scanning
Coverity Static vs Qualys Web Application Scanning Logo
Coverity Static vs Qualys Web Application Scanning
Acunetix vs Qualys Web Application Scanning Logo
Acunetix vs Qualys Web Application Scanning
Mend.io vs Qualys Web Application Scanning Logo
Mend.io vs Qualys Web Application Scanning
OpenText Core Application Security vs Qualys Web Application Scanning Logo
OpenText Core Application Security vs Qualys Web Application Scanning
GitHub Advanced Security vs Qualys Web Application Scanning Logo
GitHub Advanced Security vs Qualys Web Application Scanning
Sonatype Lifecycle vs Qualys Web Application Scanning Logo
Sonatype Lifecycle vs Qualys Web Application Scanning
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning Logo
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning
OWASP Zap vs Qualys Web Application Scanning Logo
OWASP Zap vs Qualys Web Application Scanning
HCL AppScan vs Qualys Web Application Scanning Logo
HCL AppScan vs Qualys Web Application Scanning
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs Qualys Web Application Scanning Logo
SonarQube vs Qualys Web Application Scanning
Snyk vs Qualys Web Application Scanning Logo
Snyk vs Qualys Web Application Scanning
Checkmarx One vs Qualys Web Application Scanning Logo
Checkmarx One vs Qualys Web Application Scanning
GitLab vs Qualys Web Application Scanning Logo
GitLab vs Qualys Web Application Scanning
Veracode vs Qualys Web Application Scanning Logo
Veracode vs Qualys Web Application Scanning
CrowdStrike Falcon Cloud Security vs Qualys Web Application Scanning Logo
CrowdStrike Falcon Cloud Security vs Qualys Web Application Scanning
Coverity Static vs Qualys Web Application Scanning Logo
Coverity Static vs Qualys Web Application Scanning
Acunetix vs Qualys Web Application Scanning Logo
Acunetix vs Qualys Web Application Scanning
Mend.io vs Qualys Web Application Scanning Logo
Mend.io vs Qualys Web Application Scanning
OpenText Core Application Security vs Qualys Web Application Scanning Logo
OpenText Core Application Security vs Qualys Web Application Scanning
GitHub Advanced Security vs Qualys Web Application Scanning Logo
GitHub Advanced Security vs Qualys Web Application Scanning
Sonatype Lifecycle vs Qualys Web Application Scanning Logo
Sonatype Lifecycle vs Qualys Web Application Scanning
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning Logo
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning
OWASP Zap vs Qualys Web Application Scanning Logo
OWASP Zap vs Qualys Web Application Scanning
HCL AppScan vs Qualys Web Application Scanning Logo
HCL AppScan vs Qualys Web Application Scanning
See all alternatives
Related questions
  • 26
What is the biggest difference between OWASP Zap and Qualys?
  • 206
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 129
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 238
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 203
What are the Top 5 cybersecurity trends in 2022?
  • 109
Which application security solutions include both vulnerability scans and quality checks?
  • 130
We're evaluating Tripwire, what else should we consider?
  • 356
Is SonarQube the best tool for static analysis?
  • 102
Why Do I Need Application Security Software?
  • 132
Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?