Try our new research platform with insights from 80,000+ expert users

Klocwork vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024
 

Categories and Ranking

Klocwork
Ranking in Application Security Tools
23rd
Ranking in Static Application Security Testing (SAST)
16th
Average Rating
8.2
Reviews Sentiment
7.2
Number of Reviews
20
Ranking in other categories
Static Code Analysis (6th)
Qualys Web Application Scan...
Ranking in Application Security Tools
13th
Ranking in Static Application Security Testing (SAST)
12th
Average Rating
7.8
Reviews Sentiment
7.4
Number of Reviews
35
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of December 2024, in the Application Security Tools category, the mindshare of Klocwork is 1.4%, down from 1.5% compared to the previous year. The mindshare of Qualys Web Application Scanning is 1.9%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

AnirbanSarkar - PeerSpot reviewer
Lets you find defects during the development phase, so you don't have to wait till the development is over to find and address flaws
What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity. What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.
SubhajitAich - PeerSpot reviewer
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to create custom checkers is a plus."
"We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
"The most valuable feature is the Incremental analysis."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"One can increase the number of vendors, so the solution is scalable."
"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
"There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"It is a good product for website penetration testing to detect vulnerabilities."
"It is easy to use."
 

Cons

"Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"Every update that we receive requires of us a lengthy and involved process."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else."
"The support could be faster."
"They should try to include business logic vulnerabilities in the scanner testing."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The authenticated scanning feature could be improved by adding support for real-time scanning tokens and authorization tokens."
"It is unclear how to build automation on Qualys. We do some automation, but not fully, because working is difficult."
"There should be better visibility into the application."
"The solution needs to adjust its pricing. They should make it more affordable."
"The scanner reports a lot of false positives, which is something that needs to be improved."
 

Pricing and Cost Advice

"Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."
"Klocwork should not to be quite so heavy handed on the licensing for very specific programs."
"The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."
"The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."
"When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."
"This solution offers competitive pricing."
"Licensing fees are paid annually, but they also have a perpetual license."
"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."
"The product pricing is fair and reasonably priced."
"I rate the software’s pricing a six out of ten."
"Qualys WAS' pricing is competitive."
"The product has a very good licensing model."
"Pricing was reasonable and competitive. It was not too far above the other products."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
"From my perspective, it is a budget-friendly option."
"It is an expensive platform."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
824,145 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
41%
Manufacturing Company
19%
Computer Software Company
9%
Financial Services Firm
4%
Financial Services Firm
16%
Computer Software Company
16%
Manufacturing Company
10%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Klocwork?
It's integrated into our CI, continuous integration.
What is your experience regarding pricing and costs for Klocwork?
Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into licen...
What needs improvement with Klocwork?
The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all poss...
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...
 

Also Known As

No data available
Qualys WAS
 

Learn More

 

Overview

 

Sample Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Klocwork vs. Qualys Web Application Scanning and other solutions. Updated: December 2024.
824,145 professionals have used our research since 2012.