Qualys Web Application Scanning Reviews

The primary use case includes scanning the web applications that are public facing.

The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera.

There should be better visibility into the application.

Our customers have been using this solution for more than three years now.

It is a stable solution.

It is a cloud-based solution, so it is easy to scale.

We work with enterprise-level clients with over 2500 endpoints.

The customer service and support are good.

I would say Qualys is on the better side. It's more about the performance and the quality of the product because it's been around for a long time.

The initial setup is relatively easy. The installation process is quite straightforward, making it user-friendly.

The duration of deployment varies depending on the complexity of the customer's environment and their implementation status. We ensure to accommodate the customer's preferred implementation pace.

We normally purchase an annual license. There are additional costs. From Qualys, it's for the license and maintenance, which includes patches and stuff like that. Additionally, we have our own service delivery costs.

Qualys is a stable and reliable solution. It has been around for a long time.

Overall, I would rate the solution an eight out of ten. There is scope for improvement. It is still an early technology.

The primary use case includes scanning the web applications that are public facing.

The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera.

There should be better visibility into the application. 

Our customers have been using this solution for more than three years now.

It is a stable solution.

It is a cloud-based solution, so it is easy to scale. 

We work with enterprise-level clients with over 2500 endpoints. 

The customer service and support are good.

Positive

I would say Qualys is on the better side. It's more about the performance and the quality of the product because it's been around for a long time.

The initial setup is easy. 

The time taken for implementation depends on the customer's environment. It could take around a month, depending on the module. 

We have a team of two to three people to implement at the enterprise level. Moreover, it is easy to maintain. 

We normally purchase an annual license. There are additional costs. From Qualys, it's for the license and maintenance, which includes patches and stuff like that. Additionally, we have our own service delivery costs.

I'm familiar with all of the Qualys-based products because we partner with Qualys, so I have a local contact in New Zealand who helps me with all the technical information.

Moreover, I'm a pre-sales specialist, so I recommend the solution to our potential customers and then we implement through another team for customers.

Qualys is a stable and reliable solution. It has been around for a long time.

Overall, I would rate the solution an eight out of ten. There is scope for improvement. It is still an early technology. 

There are two parts. We use Web Application Scanning licenses to constantly assess our websites. When there are any changes on our websites, Qualys checks to see if there is a vulnerability. We use a SecOps/DevOps methodology, so Qualys is integrated into the development cycle. Qualys runs every time we update the site.

Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers. 

We have been using Web Application Scanning since 2018. 

Web Application Scanning is a stable solution.

We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans.

I've had some issues with Qualys support. It's transactional. There is no face to the support model. I don't see anyone from Qualys engaging with us on a quarterly business or annual business review to help us understand if we are fully utilizing Qualys' capabilities. 

This isn't a technical problem. It's more of an issue with customer relations. I think they can improve by touching base with us more often to let us know if our rollout is following industry best practices or not. 

We used Verizon to help us with the rollout, and there were no trouble tickets or any technical issues with the rollout, so I would say the implementation was pretty smooth. The design-build phase took a couple of weeks.

We pay for a yearly license, but we also pay a separate cost for an engineer from Verizon.

When evaluating Qualys, we looked at industry best practices and state of-art-tools. Qualys was the default leader in its segment, so we went ahead with Qualys. I've used other solutions in the past, but Qualys the segment. That's why we went with them.

I rate Qualys Web Application Scanning nine out of 10. I think Web Application Scanning should integrate VMDR, a more enhanced capability that Qualys offers for enterprise vulnerability assessments. However, Qualys is way ahead of the competition on the web application front. 

If you're an industrial company, you should evaluate the OT scanning capability that Qualys is about to launch. It will cover all your enterprise web applications and secure your factories as well. Qualys should be a one-stop shop meeting all your end-to-end vulnerability assessment requirements, so you don't need to buy solutions from different vendors,

My company works for another company called Ecolab here in Bangalore. We are an Ecolab digital center, we develop mobile application. We use Vericode and this solution for testing these web applications before going live. This includes the full testing periods and the production phase. Once it has been tested, we then get them ready to go live.

I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews.

When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem.

In the future, customer support could improve and the output report needs to be simplified for better understanding.

I have been using the solution for the last 12 months.

We have expanded the solution in a few areas and it was scalable. We have approximately 50 people using the solution in my organization.

There is some improvement needed for the technical support.

We have used Veracode previously and we are currently still using it.

The installation is complex and it took approximately one month which included the customization.

We are on an annual license for the solution and the pricing could be more affordable.

We are planning on moving to Veracode because we are getting better results and is easier to use than this solution.

My advice to those wanting to implement this solution is if you have experience and knowledge with vulnerability management and reading through all the threats, this could be a good platform for you. If you are a new starter this solution is not a good place to start.

I rate Qualys Web Application Scanning an eight out of ten.

We are using Qualys for vulnerability detection in our IDC (International Data Center) on our web pages and world-wide-web applications and services.  

The best thing about this product is that it is really easy to use.  

We are concerned with the frequency of their virus code updates and reporting that contains false positives. We do not think that the accuracy of the reporting is as good as it should be.  

It would be nice if Qualys would provide a solution after analyzing the data for us so we can understand what the cause of a vulnerability is and how to fix it. It would be good enough to provide something like just a download page that describes the problem and the steps to take to resolve the vulnerability.  

We are researching open source software because Qualys needs to improve their reports and the documentation for the end-users in resolving scanned issues.  

Sometimes the deployment is complicated. It is not so easy to deploy and that should be simplified. Something like Zap or other open-source software is often easier to deploy.  

I am in the IT department in our company and we have been using Qualys for three years.  

Qualys is a very stable solution for us. We have not had trouble with downtime.   

We get a license to use this application for up to a year and we file for a license every year to renew. We would need to renew this license in September of 2020, so we will need to make a decision whether we will be continuing to use Qualys as a solution.  

Sometimes the deployment is complicated. The deployment should be easier and more consistent.  

The cost of the solution should be lower. In our company now, we only have 200 employees. For us, the license fee is kind of expensive. The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security. That price includes maintenance and any consulting with Qualys.  

I would recommend Qualys if the budget is not a problem. There may be other open-source solutions that could be used to perform a similar analysis.   

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as an eight-out-of-ten.  

I think we have the fastest version, and they always upgrade it. I think it's the $2 or $3-a-month version. They have multiple engines inside it, but it's a site-based service. It is not on-demand, so Qualys will host it. It's the pay as you go service that is on the software-as-a-service. 

We use the DAST, dynamic application scan test.

The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours.

One area that could be improved is the a data server. That's probably what I most noticed in comparison with the Rapid7. Also, the UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs. This is not good. 

Additionally, you don't have a recording feature, where you can record your screen navigation. Like a macro, you want to create the full screen, and they don't provide a tool which can record your navigation and then do a replay.

In terms of what should be included in the next release, like I mentioned, just the UI, the user interface screen. Also, it would be good If they could improve and enrich the reports. These are the fundamental differences with Rapid7.

I have been using Qualys Web Application Scanning for five years.

Qualys Web Application Scanning is very stable and reliable. But the reporting does not look that great.

In terms of scalability, it is very easy to expand. It's very fast and visible.

We don't have many people working on the solution. But our applications are big applications. We are using six components in different applications.

Support is very good.

Because of tasking, the initial setup is very straightforward. We didn't have to purchase any hardware for the installation. It is task-based. The cloud provision is there. It is good. I think nowadays everyone is going with the cloud provisioning. That way you can subscribe for any number of years to use the software. 

I think the initial setup took a couple of hours because there were no plugins and nothing to be installed.

We implemented it ourselves and there was no installation expert here.

Yes, we are still comparing it with Rapid7. We want to first make assessments of what advantages we can get with Rapid7.

My advice for anyone considering this solution is, "Go for it." 

On a scale of one to ten, I would give Qualys Web Application Scanning a seven.

We primarily use Qualys Web Application Scanning for website penetration testing.

It is a good product for website penetration testing to detect vulnerabilities.

The product's pricing could be better.

We have been using Qualys Web Application Scanning for less than a year.

The platform has good stability.

It is a scalable product.

The technical support services are good.

Qualys Web Application Scanning is easy to deploy.

It is an expensive platform.

Qualys Web Application Scanning is easy to use and deploy. I rate it a nine out of ten. However, it could be less expensive compared to other open-source tools.

We are using Qualys Web Application Scanning for our customers. We have the expertise in the solution to provide our customers with the results.

We use the tool for scanning web applications for our clients.

The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done.

We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error.

I have been using Qualys Web Application Scanning for approximately five years.

The stability of Qualys Web Application Scanning could be better.

I rate the stability of Qualys Web Application Scanning an eight out of ten.

Qualys Web Application Scanning has been scalable we have not had any problems in our operations.

The initial setup of Qualys Web Application Scanning is simple for us. However, we have trained engineers that are registered. The deployment did not take very long.

We do the migration for our customers and provide them with testing results. One person can do the implementation of the solution.

I would recommend this solution to others.

I rate Qualys Web Application Scanning a seven out of ten.