Qualys Web Application Scanning Reviews

We use the solution alongside others for static scanning. It's used for endpoint scanning. 

The monitor's ability to read the reports, or to do very detailed reports is great. It's good at looking at the different vulnerabilities. Rarely are there security loopholes. It can also suggest ways to mitigate risks and vulnerabilities. 

There's a lot of great reference material. 

The integration is great. It works with many different products. 

There could be better management and faster scanning. An application may have a lot of URLs and complexity. If there are a couple of applications, that complexity multiplies. It can take three or four days to scan. That's too long. It should be maybe three or four hours. 

We've been using the solution for two years. 

It's a stable product. There are no bugs or glitches and it doesn't crash or freeze. The solution is reliable. 

It leverages the cloud. One of the upsides of that is the scalability that is possible. 

We have about 500 to 600 people on the solution currently.

Technical support is very good whenever we send them a message. They will schedule a call and then they will check in with us until the issue's resolved or until we understand the entire problem and they clarify issues. They're very quick as well.

The initial setup, due to the fact that it is the cloud, is very easy. It's a SaaS solution. We don't have to install anything in order to get going. You are on it right away. There is no deployment time to get through. 

Since it's so quick and immediate, you don't need a big team to get it of the ground. 

We were able to handle the implementation ourselves. It's not hard. You don't need consultants or integrators.

We have seen an ROI and my understanding is that it is pretty good. 

I don't directly deal with the licensing aspect of the product. 

I'd recommend the solution to others. We haven't had any issues after two years of working with it. 

I'd rate the solution eight out of ten.

My main use of Qualys WAS is for multifactor authentication for web and mobile applications.

Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile).

Sometimes the response time is low because the handshake fails, and then you have to re-login and start again. In the next release, Qualys should include more integration with different applications and single-sign-on protocol.

I've been using Qualys Web Application Scanning for a year and a half.

Qualys WAS is stable unless we have a breach.

Qualys WAS is scalable.

Qualys' technical support is good but could improve its resolution speed.

Positive

Previously, I used CA Identity Solutions by Broadcom, which had easier integration, more options for MFA, and biometric options.

The initial setup was complex and took about three months to deploy. I would rate the setup experience as four out of five.

We used a vendor team.

Qualys WAS' pricing is competitive.

I would recommend getting the POC done before implementing WAS, especially if there will be a lot of APIs involved in developing the product. Look at how the endpoint security works when the APIs run with a different channel, like web and mobile applications. I would give Qualys WAS a rating of six out of ten.

There are two parts. We use Web Application Scanning licenses to constantly assess our websites. When there are any changes on our websites, Qualys checks to see if there is a vulnerability. We use a SecOps/DevOps methodology, so Qualys is integrated into the development cycle. Qualys runs every time we update the site.

Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers. 

We have been using Web Application Scanning since 2018. 

Web Application Scanning is a stable solution.

We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans.

I've had some issues with Qualys support. It's transactional. There is no face to the support model. I don't see anyone from Qualys engaging with us on a quarterly business or annual business review to help us understand if we are fully utilizing Qualys' capabilities. 

This isn't a technical problem. It's more of an issue with customer relations. I think they can improve by touching base with us more often to let us know if our rollout is following industry best practices or not. 

We used Verizon to help us with the rollout, and there were no trouble tickets or any technical issues with the rollout, so I would say the implementation was pretty smooth. The design-build phase took a couple of weeks.

We pay for a yearly license, but we also pay a separate cost for an engineer from Verizon.

When evaluating Qualys, we looked at industry best practices and state of-art-tools. Qualys was the default leader in its segment, so we went ahead with Qualys. I've used other solutions in the past, but Qualys the segment. That's why we went with them.

I rate Qualys Web Application Scanning nine out of 10. I think Web Application Scanning should integrate VMDR, a more enhanced capability that Qualys offers for enterprise vulnerability assessments. However, Qualys is way ahead of the competition on the web application front. 

If you're an industrial company, you should evaluate the OT scanning capability that Qualys is about to launch. It will cover all your enterprise web applications and secure your factories as well. Qualys should be a one-stop shop meeting all your end-to-end vulnerability assessment requirements, so you don't need to buy solutions from different vendors,

My company works for another company called Ecolab here in Bangalore. We are an Ecolab digital center, we develop mobile application. We use Vericode and this solution for testing these web applications before going live. This includes the full testing periods and the production phase. Once it has been tested, we then get them ready to go live.

I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews.

When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem.

In the future, customer support could improve and the output report needs to be simplified for better understanding.

I have been using the solution for the last 12 months.

We have expanded the solution in a few areas and it was scalable. We have approximately 50 people using the solution in my organization.

There is some improvement needed for the technical support.

We have used Veracode previously and we are currently still using it.

The installation is complex and it took approximately one month which included the customization.

We are on an annual license for the solution and the pricing could be more affordable.

We are planning on moving to Veracode because we are getting better results and is easier to use than this solution.

My advice to those wanting to implement this solution is if you have experience and knowledge with vulnerability management and reading through all the threats, this could be a good platform for you. If you are a new starter this solution is not a good place to start.

I rate Qualys Web Application Scanning an eight out of ten.

We are using Qualys for vulnerability detection in our IDC (International Data Center) on our web pages and world-wide-web applications and services.  

The best thing about this product is that it is really easy to use.  

We are concerned with the frequency of their virus code updates and reporting that contains false positives. We do not think that the accuracy of the reporting is as good as it should be.  

It would be nice if Qualys would provide a solution after analyzing the data for us so we can understand what the cause of a vulnerability is and how to fix it. It would be good enough to provide something like just a download page that describes the problem and the steps to take to resolve the vulnerability.  

We are researching open source software because Qualys needs to improve their reports and the documentation for the end-users in resolving scanned issues.  

Sometimes the deployment is complicated. It is not so easy to deploy and that should be simplified. Something like Zap or other open-source software is often easier to deploy.  

I am in the IT department in our company and we have been using Qualys for three years.  

Qualys is a very stable solution for us. We have not had trouble with downtime.   

We get a license to use this application for up to a year and we file for a license every year to renew. We would need to renew this license in September of 2020, so we will need to make a decision whether we will be continuing to use Qualys as a solution.  

Sometimes the deployment is complicated. The deployment should be easier and more consistent.  

The cost of the solution should be lower. In our company now, we only have 200 employees. For us, the license fee is kind of expensive. The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security. That price includes maintenance and any consulting with Qualys.  

I would recommend Qualys if the budget is not a problem. There may be other open-source solutions that could be used to perform a similar analysis.   

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as an eight-out-of-ten.  

I think we have the fastest version, and they always upgrade it. I think it's the $2 or $3-a-month version. They have multiple engines inside it, but it's a site-based service. It is not on-demand, so Qualys will host it. It's the pay as you go service that is on the software-as-a-service. 

We use the DAST, dynamic application scan test.

The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours.

One area that could be improved is the a data server. That's probably what I most noticed in comparison with the Rapid7. Also, the UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs. This is not good. 

Additionally, you don't have a recording feature, where you can record your screen navigation. Like a macro, you want to create the full screen, and they don't provide a tool which can record your navigation and then do a replay.

In terms of what should be included in the next release, like I mentioned, just the UI, the user interface screen. Also, it would be good If they could improve and enrich the reports. These are the fundamental differences with Rapid7.

I have been using Qualys Web Application Scanning for five years.

Qualys Web Application Scanning is very stable and reliable. But the reporting does not look that great.

In terms of scalability, it is very easy to expand. It's very fast and visible.

We don't have many people working on the solution. But our applications are big applications. We are using six components in different applications.

Support is very good.

Because of tasking, the initial setup is very straightforward. We didn't have to purchase any hardware for the installation. It is task-based. The cloud provision is there. It is good. I think nowadays everyone is going with the cloud provisioning. That way you can subscribe for any number of years to use the software. 

I think the initial setup took a couple of hours because there were no plugins and nothing to be installed.

We implemented it ourselves and there was no installation expert here.

Yes, we are still comparing it with Rapid7. We want to first make assessments of what advantages we can get with Rapid7.

My advice for anyone considering this solution is, "Go for it." 

On a scale of one to ten, I would give Qualys Web Application Scanning a seven.

We primarily use Qualys Web Application Scanning for website penetration testing.

It is a good product for website penetration testing to detect vulnerabilities.

The product's pricing could be better.

We have been using Qualys Web Application Scanning for less than a year.

The platform has good stability.

It is a scalable product.

The technical support services are good.

Qualys Web Application Scanning is easy to deploy.

It is an expensive platform.

Qualys Web Application Scanning is easy to use and deploy. I rate it a nine out of ten. However, it could be less expensive compared to other open-source tools.

We are using Qualys Web Application Scanning for our customers. We have the expertise in the solution to provide our customers with the results.

We use the tool for scanning web applications for our clients.

The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done.

We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error.

I have been using Qualys Web Application Scanning for approximately five years.

The stability of Qualys Web Application Scanning could be better.

I rate the stability of Qualys Web Application Scanning an eight out of ten.

Qualys Web Application Scanning has been scalable we have not had any problems in our operations.

The initial setup of Qualys Web Application Scanning is simple for us. However, we have trained engineers that are registered. The deployment did not take very long.

We do the migration for our customers and provide them with testing results. One person can do the implementation of the solution.

I would recommend this solution to others.

I rate Qualys Web Application Scanning a seven out of ten.