Qualys Web Application Scanning Reviews

There are two parts. We use Web Application Scanning licenses to constantly assess our websites. When there are any changes on our websites, Qualys checks to see if there is a vulnerability. We use a SecOps/DevOps methodology, so Qualys is integrated into the development cycle. Qualys runs every time we update the site.

Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers. 

We have been using Web Application Scanning since 2018. 

Web Application Scanning is a stable solution.

We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans.

I've had some issues with Qualys support. It's transactional. There is no face to the support model. I don't see anyone from Qualys engaging with us on a quarterly business or annual business review to help us understand if we are fully utilizing Qualys' capabilities. 

This isn't a technical problem. It's more of an issue with customer relations. I think they can improve by touching base with us more often to let us know if our rollout is following industry best practices or not. 

We used Verizon to help us with the rollout, and there were no trouble tickets or any technical issues with the rollout, so I would say the implementation was pretty smooth. The design-build phase took a couple of weeks.

We pay for a yearly license, but we also pay a separate cost for an engineer from Verizon.

When evaluating Qualys, we looked at industry best practices and state of-art-tools. Qualys was the default leader in its segment, so we went ahead with Qualys. I've used other solutions in the past, but Qualys the segment. That's why we went with them.

I rate Qualys Web Application Scanning nine out of 10. I think Web Application Scanning should integrate VMDR, a more enhanced capability that Qualys offers for enterprise vulnerability assessments. However, Qualys is way ahead of the competition on the web application front. 

If you're an industrial company, you should evaluate the OT scanning capability that Qualys is about to launch. It will cover all your enterprise web applications and secure your factories as well. Qualys should be a one-stop shop meeting all your end-to-end vulnerability assessment requirements, so you don't need to buy solutions from different vendors,

My company works for another company called Ecolab here in Bangalore. We are an Ecolab digital center, we develop mobile application. We use Vericode and this solution for testing these web applications before going live. This includes the full testing periods and the production phase. Once it has been tested, we then get them ready to go live.

I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews.

When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem.

In the future, customer support could improve and the output report needs to be simplified for better understanding.

I have been using the solution for the last 12 months.

We have expanded the solution in a few areas and it was scalable. We have approximately 50 people using the solution in my organization.

There is some improvement needed for the technical support.

We have used Veracode previously and we are currently still using it.

The installation is complex and it took approximately one month which included the customization.

We are on an annual license for the solution and the pricing could be more affordable.

We are planning on moving to Veracode because we are getting better results and is easier to use than this solution.

My advice to those wanting to implement this solution is if you have experience and knowledge with vulnerability management and reading through all the threats, this could be a good platform for you. If you are a new starter this solution is not a good place to start.

I rate Qualys Web Application Scanning an eight out of ten.

We are using Qualys for vulnerability detection in our IDC (International Data Center) on our web pages and world-wide-web applications and services.  

The best thing about this product is that it is really easy to use.  

We are concerned with the frequency of their virus code updates and reporting that contains false positives. We do not think that the accuracy of the reporting is as good as it should be.  

It would be nice if Qualys would provide a solution after analyzing the data for us so we can understand what the cause of a vulnerability is and how to fix it. It would be good enough to provide something like just a download page that describes the problem and the steps to take to resolve the vulnerability.  

We are researching open source software because Qualys needs to improve their reports and the documentation for the end-users in resolving scanned issues.  

Sometimes the deployment is complicated. It is not so easy to deploy and that should be simplified. Something like Zap or other open-source software is often easier to deploy.  

I am in the IT department in our company and we have been using Qualys for three years.  

Qualys is a very stable solution for us. We have not had trouble with downtime.   

We get a license to use this application for up to a year and we file for a license every year to renew. We would need to renew this license in September of 2020, so we will need to make a decision whether we will be continuing to use Qualys as a solution.  

Sometimes the deployment is complicated. The deployment should be easier and more consistent.  

The cost of the solution should be lower. In our company now, we only have 200 employees. For us, the license fee is kind of expensive. The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security. That price includes maintenance and any consulting with Qualys.  

I would recommend Qualys if the budget is not a problem. There may be other open-source solutions that could be used to perform a similar analysis.   

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as an eight-out-of-ten.  

I think we have the fastest version, and they always upgrade it. I think it's the $2 or $3-a-month version. They have multiple engines inside it, but it's a site-based service. It is not on-demand, so Qualys will host it. It's the pay as you go service that is on the software-as-a-service. 

We use the DAST, dynamic application scan test.

The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours.

One area that could be improved is the a data server. That's probably what I most noticed in comparison with the Rapid7. Also, the UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs. This is not good. 

Additionally, you don't have a recording feature, where you can record your screen navigation. Like a macro, you want to create the full screen, and they don't provide a tool which can record your navigation and then do a replay.

In terms of what should be included in the next release, like I mentioned, just the UI, the user interface screen. Also, it would be good If they could improve and enrich the reports. These are the fundamental differences with Rapid7.

I have been using Qualys Web Application Scanning for five years.

Qualys Web Application Scanning is very stable and reliable. But the reporting does not look that great.

In terms of scalability, it is very easy to expand. It's very fast and visible.

We don't have many people working on the solution. But our applications are big applications. We are using six components in different applications.

Support is very good.

Because of tasking, the initial setup is very straightforward. We didn't have to purchase any hardware for the installation. It is task-based. The cloud provision is there. It is good. I think nowadays everyone is going with the cloud provisioning. That way you can subscribe for any number of years to use the software. 

I think the initial setup took a couple of hours because there were no plugins and nothing to be installed.

We implemented it ourselves and there was no installation expert here.

Yes, we are still comparing it with Rapid7. We want to first make assessments of what advantages we can get with Rapid7.

My advice for anyone considering this solution is, "Go for it." 

On a scale of one to ten, I would give Qualys Web Application Scanning a seven.

We are using Qualys Web Application Scanning for our customers. We have the expertise in the solution to provide our customers with the results.

We use the tool for scanning web applications for our clients.

The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done.

We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error.

I have been using Qualys Web Application Scanning for approximately five years.

The stability of Qualys Web Application Scanning could be better.

I rate the stability of Qualys Web Application Scanning an eight out of ten.

Qualys Web Application Scanning has been scalable we have not had any problems in our operations.

The initial setup of Qualys Web Application Scanning is simple for us. However, we have trained engineers that are registered. The deployment did not take very long.

We do the migration for our customers and provide them with testing results. One person can do the implementation of the solution.

I would recommend this solution to others.

I rate Qualys Web Application Scanning a seven out of ten.

We primarily use this solution for VM scanning. We scan more than a thousand applications.

The most valuable features are scanning analysis and reporting.

This solution also provides real-time monitoring.

The interface is user-friendly and easy to understand.

The reporting needs to be improved because there are a lot of search parameters, and at the end of the day, the reports are so large that it is very difficult for us to go through each and every point to analyze the vulnerabilities.

The scanner reports a lot of false positives, which is something that needs to be improved.

We have been using Qualys for almost a year.

The stability is good.

In terms of scalability, Qualys is good.

I have not dealt with technical support yet because there are other people dealing with issues that arise. My understanding is that technical support is good.

I have also used the Nexus Vulnerability Scanner and it reports fewer false positives.

This solution was implemented before I joined the department.

There are different options available with respect to licensing.

I would rate this solution an eight out of ten.

For some projects, we will need to use this on-premises. It depends on the confidentiality of our project. For other projects, we will also be deploying on the cloud or maybe a hybrid solution as well.  

We are looking forward to having a relationship as a partner with this company and maybe one or two others. We are not just a customer. We have a bunch of freelancers that we are working with in three different companies in Slovenia, Australia, and other countries. We are looking for solutions to make our testing and security checks more affordable.  

I am not the person who is actually directly testing this. One of the other people from our team is doing that. But I was involved in the selection of what we products we should compare based on available features, demos, and how products appear to meet our needs. What I remember from my experience with Qualys is that the simplicity of exporting reports and the simplicity and clarity of the reports included with the product is good. The website was also well-designed and easy to navigate. The SSL security measurements that the product offers seem comprehensive. But I can not say, at this preliminary phase, that I specifically think this or that from Qualys is the most valuable. It is intriguing enough to make our shortlist and POC efforts.  

Knowing we are in an early phase of discovery and comparison, it is impossible to know exactly what features may need improvement. Some seem to be interesting, on the other hand. The only thing that is in need of improvement from my perspective at this point is pricing in comparison to other, similar products.   

We are in the process of analyzing several products over several months in this category for comparison and proof of concept.  

We have not yet had to contact technical support for any reason.  

I don't have information at this moment because we are in the process of discovery and we have not fully deployed. We do have a test deployment running.  

The pricing of Qualys is quite expensive in comparison with the other products in this category that are offering pretty much the same thing. Pricing is one area of the product that can be improved. At this stage of our discovery, we only know the initial cost is high.  

We were testing a lot of products. We were looking for a good product for our needs and for the needs of our customers to scan vulnerabilities. Qualys was one of the products we chose to do further testing with. The testing with data is still continuing and is a process. As we are in the process of discovery now, we cannot exactly qualify our experience with the product.  

On a scale from one to ten where one is the worst ten is the best, I would rate Qualys as a seven at this point. It is difficult to rate Qualys — or even products from other companies — as better than this because we are hearing the same thing from all the product manufacturers before we went into testing. But based on the references from other users about Qualys, our current level of experience, the pricing as we know it and the services that are offered for free, Qualys is a seven.  

What we have mostly found at this point is that you can't just install a free trial version of a product and get a complete impression immediately. With some products like Qualys or others in the category, the pricing may not be completely right because there are hidden costs. It could be one solution is not quick to deploy and that seems to make it difficult but in actual use, it is easier than everything else. Some products will be easy to set up and after 10 days of trying to work with it, I might be disappointed because of what I committed to.  

With our vulnerabilities under control, it puts our services in compliance and minimizes our risk for exposure.

The vulnerability scanning and patching features are the most valuable parts of the solution.

The solution needs to adjust its pricing. They should make it more affordable.

The solution is stable.

The cloud service makes the solution very scalable. We have about ten users right now, however we don't intend to increase usage at this time.

Technical support is excellent. I would rate it ten out of ten.

We've never used a different solution.

The initial setup was straightforward. Deployment took about two weeks.

Our internal team handled the implementation.

We did not evaluate other options before choosing Qualys.

We are using the cloud deployment model.

I would recommend other users to use Qualys Application Scanning for application security. If you're serious about security you need a service or a solution that does continuous scanning of your application and infrastructure. There are always vulnerabilities being introduced.

I would rate the solution eight out of ten.