IT Central Station is now PeerSpot: Here's why

What needs improvement with Qualys Web Application Scanning?

Please share with the community what you think needs improvement with Qualys Web Application Scanning.

What are its weaknesses? What would you like to see changed in a future version?

PeerSpot user
99 Answers

NagarajSheshachalam - PeerSpot reviewer
Top 5Real User

When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem. In the future, customer support could improve and the output report needs to be simplified for better understanding.

Hwang James - PeerSpot reviewer
Top 20Real User

We are concerned with the frequency of their virus code updates and reporting that contains false positives. We do not think that the accuracy of the reporting is as good as it should be. It would be nice if Qualys would provide a solution after analyzing the data for us so we can understand what the cause of a vulnerability is and how to fix it. It would be good enough to provide something like just a download page that describes the problem and the steps to take to resolve the vulnerability. We are researching open source software because Qualys needs to improve their reports and the documentation for the end-users in resolving scanned issues. Sometimes the deployment is complicated. It is not so easy to deploy and that should be simplified. Something like Zap or other open-source software is often easier to deploy.

reviewer1387992 - PeerSpot reviewer
Real User

One area that could be improved is the a data server. That's probably what I most noticed in comparison with the Rapid7. Also, the UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs. This is not good. Additionally, you don't have a recording feature, where you can record your screen navigation. Like a macro, you want to create the full screen, and they don't provide a tool which can record your navigation and then do a replay. In terms of what should be included in the next release, like I mentioned, just the UI, the user interface screen. Also, it would be good If they could improve and enrich the reports. These are the fundamental differences with Rapid7.

reviewer1228896 - PeerSpot reviewer
Real User

The reporting needs to be improved because there are a lot of search parameters, and at the end of the day, the reports are so large that it is very difficult for us to go through each and every point to analyze the vulnerabilities. The scanner reports a lot of false positives, which is something that needs to be improved.

reviewer1254240 - PeerSpot reviewer
Real User

Knowing we are in an early phase of discovery and comparison, it is impossible to know exactly what features may need improvement. Some seem to be interesting, on the other hand. The only thing that is in need of improvement from my perspective at this point is pricing in comparison to other, similar products.

Lead43690 - PeerSpot reviewer
Real User

The solution needs to adjust its pricing. They should make it more affordable.

Consultab6ea - PeerSpot reviewer

They should improve the performance of the security scanning. It should have better performance.

SeniorIn3d86 - PeerSpot reviewer
Real User

The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected. Going forward, I would like it to scan for given vulnerabilities and add-ons, then confirm whether it is an actual threat or not without the false positives.

Reviewer32192 - PeerSpot reviewer

In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us.

Buyer's Guide
Application Security
May 2022
Find out what your peers are saying about Qualys, Veracode, Invicti and others in Application Security. Updated: May 2022.
597,291 professionals have used our research since 2012.