
Qualys Web Application Scanning Overview

Qualys Web Application Scanning is the #9 ranked solution in AST tools and the #12 ranked solution in application security tools. PeerSpot users give Qualys Web Application Scanning an average rating of 8 out of 10. Qualys Web Application Scanning is most commonly compared to OWASP Zap. The professionals researching this solution most often come from computer software companies, accounting for 30% of all views.
What is Qualys Web Application Scanning?
Qualys Web Application Scanning (WAS) is a cloud service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. It also proactively scans websites for malware infections, sending alerts to website owners to help prevent blacklisting and brand reputation damage.

Qualys Web Application Scanning was previously known as Qualys WAS.

Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: January 2022

Qualys Web Application Scanning Customers
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.

Qualys Web Application Scanning Pricing Advice

What users are saying about Qualys Web Application Scanning pricing:
  • "The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
  • "We are on an annual license for the solution and the pricing could be more affordable."
  • "There are different options available with respect to licensing."
Qualys Web Application Scanning Reviews

    Senior Software Developer at a tech vendor with 1,001-5,000 employees
    Real User
    Has a good progressive scan feature but the data server needs improvement
    Pros and Cons
    • "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
    • "The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."

    What is our primary use case?

    I think we have the fastest version, and they always upgrade it. I think it's the $2 or $3-a-month version. They have multiple engines inside it, but it's a site-based service. It is not on-demand, so Qualys will host it. It's the pay as you go service that is on the software-as-a-service. 

    We use the DAST, dynamic application scan test.

    What is most valuable?

    The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours.

    What needs improvement?

    One area that could be improved is the data server. That's probably what I most noticed in comparison with the Rapid7. Also, the UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs. This is not good.

    Additionally, you don't have a recording feature, where you can record your screen navigation. Like a macro, you want to create the full screen, and they don't provide a tool which can record your navigation and then do a replay.

    In terms of what should be included in the next release, like I mentioned, just the UI, the user interface screen. Also, it would be good if they could improve and enrich the reports. These are the fundamental differences with Rapid7.

    For how long have I used the solution?

    I have been using Qualys Web Application Scanning for five years.

    What do I think about the stability of the solution?

    Qualys Web Application Scanning is very stable and reliable. But the reporting does not look that great.

    What do I think about the scalability of the solution?

    In terms of scalability, it is very easy to expand. It's very fast and visible.

    We don't have many people working on the solution. But our applications are big applications. We are using six components in different applications.

    How are customer service and technical support?

    Support is very good.

    How was the initial setup?

    Because of tasking, the initial setup is very straightforward. We didn't have to purchase any hardware for the installation. It is task-based. The cloud provision is there. It is good. I think nowadays everyone is going with the cloud provisioning. That way you can subscribe for any number of years to use the software. 

    I think the initial setup took a couple of hours because there were no plugins and nothing to be installed.

    What about the implementation team?

    We implemented it ourselves and there was no installation expert here.

    Which other solutions did I evaluate?

    Yes, we are still comparing it with Rapid7. We want to first make assessments of what advantages we can get with Rapid7.

    What other advice do I have?

    My advice for anyone considering this solution is, "Go for it." 

    On a scale of one to ten, I would give Qualys Web Application Scanning a seven.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Data Specialist at CHUN SHIN LIMITED
    Real User
    Top 20
    Easy to use for detection of WAS and VM vulnerabilities
    Pros and Cons
    • "It is easy to use."
    • "It is a very stable solution."
    • "The reporting contains too many false positives."
    • "The virus code updates are not frequent enough."
    • "Deployment can be complicated."

    What is our primary use case?

    We are using Qualys for vulnerability detection in our IDC (International Data Center) on our web pages and world-wide-web applications and services.  

    What is most valuable?

    The best thing about this product is that it is really easy to use.  

    What needs improvement?

    We are concerned with the frequency of their virus code updates and reporting that contains false positives. We do not think that the accuracy of the reporting is as good as it should be.  

    It would be nice if Qualys would provide a solution after analyzing the data for us so we can understand what the cause of a vulnerability is and how to fix it. It would be good enough to provide something like just a download page that describes the problem and the steps to take to resolve the vulnerability.  

    We are researching open source software because Qualys needs to improve their reports and the documentation for the end-users in resolving scanned issues.  

    Sometimes the deployment is complicated. It is not so easy to deploy and that should be simplified. Something like Zap or other open-source software is often easier to deploy.  

    For how long have I used the solution?

    I am in the IT department in our company and we have been using Qualys for three years.  

    What do I think about the stability of the solution?

    Qualys is a very stable solution for us. We have not had trouble with downtime.   

    What do I think about the scalability of the solution?

    We get a license to use this application for up to a year and we file for a license every year to renew. We would need to renew this license in September of 2020, so we will need to make a decision whether we will be continuing to use Qualys as a solution.  

    How was the initial setup?

    Sometimes the deployment is complicated. The deployment should be easier and more consistent.  

    What's my experience with pricing, setup cost, and licensing?

    The cost of the solution should be lower. In our company now, we only have 200 employees. For us, the license fee is kind of expensive. The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security. That price includes maintenance and any consulting with Qualys.  

    What other advice do I have?

    I would recommend Qualys if the budget is not a problem. There may be other open-source solutions that could be used to perform a similar analysis.   

    On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as an eight-out-of-ten.  

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    NagarajSheshachalam
    Lead Cyber Security engineer at a tech services company with 201-500 employees
    Real User
    Top 5
    Thorough detection, good visual interface, scalable
    Pros and Cons
    • "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
    • "When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."

    What is our primary use case?

    My company works for another company called Ecolab here in Bangalore. We are an Ecolab digital center, and we develop mobile applications. We use Veracode and this solution for testing these web applications before going live. This includes the full testing periods and the production phase. Once it has been tested, we then get them ready to go live.

    What is most valuable?

    I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews.

    What needs improvement?

    When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem.

    In the future, customer support could improve and the output report needs to be simplified for better understanding.

    For how long have I used the solution?

    I have been using the solution for the last 12 months.

    What do I think about the scalability of the solution?

    We have expanded the solution in a few areas and it was scalable. We have approximately 50 people using the solution in my organization.

    How are customer service and technical support?

    There is some improvement needed for the technical support.

    Which solution did I use previously and why did I switch?

    We have used Veracode previously and we are currently still using it.

    How was the initial setup?

    The installation is complex and it took approximately one month which included the customization.

    What's my experience with pricing, setup cost, and licensing?

    We are on an annual license for the solution and the pricing could be more affordable.

    Which other solutions did I evaluate?

    We are planning on moving to Veracode because we are getting better results and it is easier to use than this solution.

    What other advice do I have?

    My advice to those wanting to implement this solution is if you have experience and knowledge with vulnerability management and reading through all the threats, this could be a good platform for you. If you are a new starter this solution is not a good place to start.

    I rate Qualys Web Application Scanning an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Security Analyst at a tech services company with 10,001+ employees
    Real User
    Top 20
    User-friendly, good scanning analysis and reporting, and offers real-time vulnerability monitoring
    Pros and Cons
    • "The interface is user-friendly and easy to understand."
    • "The scanner reports a lot of false positives, which is something that needs to be improved."

    What is our primary use case?

    We primarily use this solution for VM scanning. We scan more than a thousand applications.

    What is most valuable?

    The most valuable features are scanning analysis and reporting.

    This solution also provides real-time monitoring.

    The interface is user-friendly and easy to understand.

    What needs improvement?

    The reporting needs to be improved because there are a lot of search parameters, and at the end of the day, the reports are so large that it is very difficult for us to go through each and every point to analyze the vulnerabilities.

    The scanner reports a lot of false positives, which is something that needs to be improved.

    For how long have I used the solution?

    We have been using Qualys for almost a year.

    What do I think about the stability of the solution?

    The stability is good.

    What do I think about the scalability of the solution?

    In terms of scalability, Qualys is good.

    How are customer service and technical support?

    I have not dealt with technical support yet because there are other people dealing with issues that arise. My understanding is that technical support is good.

    Which solution did I use previously and why did I switch?

    I have also used the Nexus Vulnerability Scanner and it reports fewer false positives.

    How was the initial setup?

    This solution was implemented before I joined the department.

    What's my experience with pricing, setup cost, and licensing?

    There are different options available with respect to licensing.

    What other advice do I have?

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner