Qualys Web Application Scanning Overview

Qualys Web Application Scanning is the #15 ranked solution in AST tools and #17 ranked solution in application security solutions. PeerSpot users give Qualys Web Application Scanning an average rating of 7.8 out of 10. Qualys Web Application Scanning is most commonly compared to Tenable.io Web Application Scanning. Qualys Web Application Scanning is popular among the large enterprise segment, which accounts for 66% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 21% of all views.
Buyer's Guide

Download the Application Security Tools Buyer's Guide including reviews and more. Updated: November 2022

What is Qualys Web Application Scanning?

Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner periodically crawls and tests web applications automatically to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. Because the testing is automated and consistent, the service generates consistent results, reduces false positives, and scales to protect thousands of websites.

Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

  • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

  • DevSecOps Tool: Detect security issues in your code while still in the app development stages and generate comprehensive reports.

  • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

  • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts about any infections.


Benefits of Qualys Web Application Scanning

Qualys Web Application Scanning offers many benefits, including:

  • Quick Deployment: Requires no infrastructure or software to maintain.

  • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

  • Centralized Management: Manage and remediate all web app vulnerabilities through a single interface.

  • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for single-click virtual patching of found vulnerabilities.

  • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

  • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

Reviews from Real Users

Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

Qualys Web Application Scanning was previously known as Qualys WAS.

Qualys Web Application Scanning Customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.

Qualys Web Application Scanning Pricing Advice

What users are saying about Qualys Web Application Scanning pricing:
  • "We are on an annual license for the solution and the pricing could be more affordable."
  • "Qualys WAS' pricing is competitive."
Qualys Web Application Scanning Reviews

    Sr Cybersecurity Leader at a non-tech company with 1,001-5,000 employees
    Real User
    We like its process of updating signatures, and it's way ahead of its industry peers.
    Pros and Cons
    • "Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
    • "We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 concurrent scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."

    What is our primary use case?

    There are two parts. We use Web Application Scanning licenses to constantly assess our websites. When there are any changes on our websites, Qualys checks to see if there is a vulnerability. We use a SecOps/DevOps methodology, so Qualys is integrated into the development cycle. Qualys runs every time we update the site.

    What is most valuable?

    Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers. 

    For how long have I used the solution?

    We have been using Web Application Scanning since 2018. 

    What do I think about the stability of the solution?

    Web Application Scanning is a stable solution.

    What do I think about the scalability of the solution?

    We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 concurrent scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans.

    How are customer service and support?

    I've had some issues with Qualys support. It's transactional. There is no face to the support model. I don't see anyone from Qualys engaging with us on a quarterly business or annual business review to help us understand if we are fully utilizing Qualys' capabilities. 

    This isn't a technical problem. It's more of an issue with customer relations. I think they can improve by touching base with us more often to let us know if our rollout is following industry best practices or not. 

    How was the initial setup?

    We used Verizon to help us with the rollout, and there were no trouble tickets or any technical issues with the rollout, so I would say the implementation was pretty smooth. The design-build phase took a couple of weeks.

    What's my experience with pricing, setup cost, and licensing?

    We pay for a yearly license, but we also pay a separate cost for an engineer from Verizon.

    Which other solutions did I evaluate?

    When evaluating Qualys, we looked at industry best practices and state-of-the-art tools. Qualys was the default leader in its segment, so we went ahead with Qualys. I've used other solutions in the past, but Qualys the segment. That's why we went with them.

    What other advice do I have?

    I rate Qualys Web Application Scanning nine out of 10. I think Web Application Scanning should integrate VMDR, a more enhanced capability that Qualys offers for enterprise vulnerability assessments. However, Qualys is way ahead of the competition on the web application front. 

    If you're an industrial company, you should evaluate the OT scanning capability that Qualys is about to launch. It will cover all your enterprise web applications and secure your factories as well. Qualys should be a one-stop shop meeting all your end-to-end vulnerability assessment requirements, so you don't need to buy solutions from different vendors.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    S S RAMA KRISHNA MURTHY  SURI - PeerSpot reviewer
    Senior Manager at valuelabs LLP
    MSP
    Top 5
    Helpful support, many great integrations, and lots of reference material
    Pros and Cons
    • "It works with many different products."
    • "There could be better management and faster scanning."

    What is our primary use case?

    We use the solution alongside others for static scanning. It's used for endpoint scanning. 

    What is most valuable?

    The monitor's ability to read the reports, or to do very detailed reports is great. It's good at looking at the different vulnerabilities. Rarely are there security loopholes. It can also suggest ways to mitigate risks and vulnerabilities. 

    There's a lot of great reference material. 

    The integration is great. It works with many different products. 

    What needs improvement?

    There could be better management and faster scanning. An application may have a lot of URLs and complexity. If there are a couple of applications, that complexity multiplies. It can take three or four days to scan. That's too long. It should be maybe three or four hours. 

    For how long have I used the solution?

    We've been using the solution for two years. 

    What do I think about the stability of the solution?

    It's a stable product. There are no bugs or glitches and it doesn't crash or freeze. The solution is reliable. 

    What do I think about the scalability of the solution?

    It leverages the cloud. One of the upsides of that is the scalability that is possible. 

    We have about 500 to 600 people on the solution currently.

    How are customer service and support?

    Technical support is very good whenever we send them a message. They will schedule a call and then they will check in with us until the issue's resolved or until we understand the entire problem and they clarify issues. They're very quick as well.

    How was the initial setup?

    The initial setup, due to the fact that it is the cloud, is very easy. It's a SaaS solution. We don't have to install anything in order to get going. You are on it right away. There is no deployment time to get through. 

    Since it's so quick and immediate, you don't need a big team to get it off the ground. 

    What about the implementation team?

    We were able to handle the implementation ourselves. It's not hard. You don't need consultants or integrators.

    What was our ROI?

    We have seen an ROI and my understanding is that it is pretty good. 

    What's my experience with pricing, setup cost, and licensing?

    I don't directly deal with the licensing aspect of the product. 

    What other advice do I have?

    I'd recommend the solution to others. We haven't had any issues after two years of working with it. 

    I'd rate the solution eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    NagarajSheshachalam - PeerSpot reviewer
    Lead Cyber Security engineer at a tech services company with 201-500 employees
    Real User
    Top 5
    Thorough detection, good visual interface, scalable
    Pros and Cons
    • "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
    • "When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."

    What is our primary use case?

    My company works for another company called Ecolab here in Bangalore. We are an Ecolab digital center; we develop mobile applications. We use Veracode and this solution for testing these web applications before going live. This includes the full testing periods and the production phase. Once it has been tested, we then get them ready to go live.

    What is most valuable?

    I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews.

    What needs improvement?

    When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem.

    In the future, customer support could improve and the output report needs to be simplified for better understanding.

    For how long have I used the solution?

    I have been using the solution for the last 12 months.

    What do I think about the scalability of the solution?

    We have expanded the solution in a few areas and it was scalable. We have approximately 50 people using the solution in my organization.

    How are customer service and technical support?

    There is some improvement needed for the technical support.

    Which solution did I use previously and why did I switch?

    We have used Veracode previously and we are currently still using it.

    How was the initial setup?

    The installation is complex and it took approximately one month which included the customization.

    What's my experience with pricing, setup cost, and licensing?

    We are on an annual license for the solution and the pricing could be more affordable.

    Which other solutions did I evaluate?

    We are planning on moving to Veracode because we are getting better results and it is easier to use than this solution.

    What other advice do I have?

    My advice to those wanting to implement this solution is if you have experience and knowledge with vulnerability management and reading through all the threats, this could be a good platform for you. If you are a new starter, this solution is not a good place to start.

    I rate Qualys Web Application Scanning an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    SandeepKumar1 - PeerSpot reviewer
    Design Engineer at Uop Ipl, Honeywell
    Real User
    Top 10
    Good security options but slow response time and needs more integration
    Pros and Cons
    • "Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
    • "Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."

    What is our primary use case?

    My main use of Qualys WAS is for multifactor authentication for web and mobile applications.

    What is most valuable?

    Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile).

    What needs improvement?

    Sometimes the response time is low because the handshake fails, and then you have to re-login and start again. In the next release, Qualys should include more integration with different applications and single-sign-on protocol.

    For how long have I used the solution?

    I've been using Qualys Web Application Scanning for a year and a half.

    What do I think about the stability of the solution?

    Qualys WAS is stable unless we have a breach.

    What do I think about the scalability of the solution?

    Qualys WAS is scalable.

    How are customer service and support?

    Qualys' technical support is good but could improve its resolution speed.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Previously, I used CA Identity Solutions by Broadcom, which had easier integration, more options for MFA, and biometric options.

    How was the initial setup?

    The initial setup was complex and took about three months to deploy. I would rate the setup experience as four out of five.

    What about the implementation team?

    We used a vendor team.

    What's my experience with pricing, setup cost, and licensing?

    Qualys WAS' pricing is competitive.

    What other advice do I have?

    I would recommend getting the POC done before implementing WAS, especially if there will be a lot of APIs involved in developing the product. Look at how the endpoint security works when the APIs run with a different channel, like web and mobile applications. I would give Qualys WAS a rating of six out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.