Qualys Web Application Scanning Reviews

Name: Qualys Web Application Scanning
Brand: Qualys
Rating: 3.9 (38 reviews)

3.9 out of 5

38 reviews
87% willing to recommend

1,155 followers

What is Qualys Web Application Scanning?

Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

Get the Qualys Web Application Scanning Buyer's Guide and find out what your peers are saying about Qualys Web Application Scanning, SonarQube Server (formerly SonarQube), GitLab and more!

Qualys Web Application Scanning is the #9 ranked solution in AST tools and #12 ranked solution in application security solutions. PeerSpot users give Qualys Web Application Scanning an average rating of 7.8 out of 10. Qualys Web Application Scanning is most commonly compared to SonarQube Server (formerly SonarQube): Qualys Web Application Scanning vs SonarQube Server (formerly SonarQube). Qualys Web Application Scanning is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.

Buyer's Guide

Qualys Web Application Scanning

March 2025

Get the report

Helped 849,686 peers since 2012

Featured Qualys Web Application Scanning reviews

SubhajitAich

Security Consultant at Cognizant

Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.

Read full review

Kelvin Oladipo

Team Lead, Cyber Security at Uridium Technologies

Qualys Web Application Scanning ( /products/qualys-web-application-scanning-reviews ) is user-friendly, easy to understand, easy to use, and easy to deploy. Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities. The product helps by providing options for remediating vulnerabilities it finds, making it really useful.

Read full review

Koketso Ditlhage

Information Communication Technology Specialist at UNIVERSITY OF JOHANNESBURG

The scalability of the software could be better. Its licenses are distributed through a third-party supplier at the moment. Thus, it becomes a problem in managing the numbers. The licenses stay the same, but the numbers keep on going up. I currently have 600 assets. If I go for a three-year contract, it will increase by 900 assets. It would have been great if we had direct contact with Qualys for sales and support. In the future, we plan to increase the number of users. In my team, we have three members, and the team working on the risk scan consists of six members. Overall, there are about ten users in our environment. I rate the scalability a five out of ten.

Read full review

Qualys Web Application Scanning mindshare

Product category:

As of April 2025, the mindshare of Qualys Web Application Scanning in the Application Security Tools category stands at 2.0%, down from 2.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

PeerResearch reports based on Qualys Web Application Scanning reviews

Type	Title	Date
Category	Application Security Tools	Apr 30, 2025	Download
Product	Reviews, tips, and advice from real users	Apr 30, 2025	Download
Comparison	Qualys Web Application Scanning vs SonarQube Server (formerly SonarQube)	Apr 30, 2025	Download
Comparison	Qualys Web Application Scanning vs Veracode	Apr 30, 2025	Download
Comparison	Qualys Web Application Scanning vs Checkmarx One	Apr 30, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	25.1%	81%	114 interviews Add to research
GitLab	4.3	3.0%	97%	82 interviews Add to research

Valuable Features

Qualys Web Application Scanning's most valuable features include integration with Selenium IDE, effective zero-day vulnerability protection, OWASP Top 10 and PCI-ASV scanning, ease of setup, comprehensive reporting, high accuracy with minimal false positives, robust patch and vulnerability management, seamless API integration for automation, and user-friendly interface. Users appreciate its scalability, cloud-based accessibility, detailed alerts, efficient remediation options, and capacity for scheduled scanning during off-hours. It is particularly effective in continuous monitoring and supporting DevOps integration.

"Qualys Web Application Scanning is robust and mature from industry standards."
"Qualys Web Application Scanning is accurate and provides minimal false positives."
"Qualys Web Application Scanning is user-friendly, easy to understand, easy to use, and easy to deploy."

Room for Improvement

Qualys Web Application Scanning has challenges in identifying XSS issues, managing false positives, and lacking zero-day patch coverage. Asset organization is complex and the interface isn't user-friendly. Integration and automation options require enhancement, while licensing is challenging for DevOps. Pricing and deployment complexity need adjustments. Reporting and scanning speed require optimization. Improvements in authenticated scanning and API integration would benefit users. Enhanced compliance features beyond OWASP and LLM-based vulnerability support are desired.

"I have dealt with Qualys's technical support, and any enhancements are challenging. I would rate them a five out of ten."
"New features need to be added, specifically LLM-based solutions."
"I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus."

ROI

Organizations report significant ROI from using Qualys Web Application Scanning, citing improved visibility and competitive licensing despite scalability challenges. Users note good investment returns, scalability, and no operational costs for installation. Automation reduces scanning and scheduling time by approximately 70%, and web application failure rates dropped from 20% to 2% over five years. Some users remain uncertain about long-term ROI due to a shorter usage period.

Pricing

Enterprise buyers find Qualys Web Application Scanning somewhat expensive, with annual licensing often considered high compared to competitors. Licensing is flexible, based on the number of assets or subscription, and discounts are available for bulk purchases. Pricing includes maintenance and potential consultancy services. The "bring your own licenses" model might need clarification upfront. While some deem it cost-effective with competitive pricing, others feel the costs should be more affordable.

"The product pricing is fair and reasonably priced."
"From my perspective, it is a budget-friendly option."
"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."

Popular Use Cases

Organizations use Qualys Web Application Scanning for various purposes, including scanning public-facing web applications, conducting penetration testing, and identifying vulnerabilities during deployment. It aids in vulnerability management, compliance requirements, and infrastructure scanning. Many integrate it into CI/CD pipelines, leveraging its accuracy and low false positives for security auditing. Companies from diverse sectors, such as education and banking, utilize it to maintain application and infrastructure security across multiple platforms and environments.

Service and Support

Qualys Web Application Scanning's customer service is generally perceived as good, though some find it lacking personalization. Technical support is often praised for being responsive, efficient, and accessible with multiple communication channels. However, speed in resolving issues could improve. Some users emphasize that support depends on the representative handling the case, and documentation sometimes assists resolution. Some experience effective problem-solving, while others report challenges with ongoing customer business engagement.

Deployment

Many users found Qualys Web Application Scanning's initial setup to be straightforward and user-friendly. Some reported no installation issues, citing the cloud-based nature as simplifying deployment. However, others experienced complexity with internal configurations and connecting virtual machines. Integration into CI/CD pipelines took longer due to licensing and documentation challenges. Deployment time varied, with most setups described as uncomplicated, though some required weeks or months, particularly when transitioning from other systems.

Scalability

Qualys Web Application Scanning is praised for its scalability, particularly thanks to its cloud-based nature. Many users appreciate its ability to scale without significant configuration changes, making expansion straightforward. While most find it highly scalable, some experience issues with concurrent scan limitations and third-party licensing. The majority rate its scalability positively, catering to both small and large-scale environments effortlessly.

Stability

Users report high stability for Qualys Web Application Scanning. Many encounter no issues, finding it reliable across various environments. Most rate its stability between eight and nine out of ten. The platform shows consistent performance without significant downtime. Some mention minor bugs addressed promptly. While a few desire improvements, the consensus remains that it's a robust and dependable tool with minimal disruptions.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Qualys Web Application Scanning Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

15%

Manufacturing Company

10%

Government

Insurance Company

Retailer

Healthcare Company

Comms Service Provider

Educational Organization

University

Real Estate/Law Firm

Media Company

Energy/Utilities Company

Wholesaler/Distributor

Construction Company

Non Profit

Performing Arts

Transportation Company

Hospitality Company

Logistics Company

Consumer Goods Company

Outsourcing Company

Pharma/Biotech Company

Recreational Facilities/Services Company

Legal Firm

Marketing Services Firm

Engineering Company

Compare Qualys Web Application Scanning with alternative products

Learn more about Qualys Web Application Scanning

Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.
DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.
Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.
Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.

Benefits of Qualys Web Application Scanning

Qualys Web Application Scanning offers many benefits, including:

Quick Deployment: Requires no infrastructure or software to upkeep.
Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.
Centralized Management: Manage and mend all web app vulnerabilities through a single interface.
Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.
Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.
Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

Reviews from Real Users

Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

Qualys Web Application Scanning was previously known as Qualys WAS.

Qualys Web Application Scanning customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.