Qualys Web Application Scanning vs Rapid7 InsightAppSec comparison

The compared Qualys and Rapid7 solutions aren't in the same category. Qualys is ranked #15 in AS , with an average rating of 7.7, and holds a 1.7% mindshare in the category. Rapid7 is ranked #5 in DAST , with an average rating of 7.7, and holds a 5.8% mindshare. Additionally, 88% of Qualys users are willing to recommend the solution, compared to 94% of Rapid7 users who would recommend it.

Qualys Web Application Scan...

Read 40 Qualys Web Application Scanning reviews

4,713 Views
2,969 Comparison Views

88% willing to recommend

Rapid7 InsightAppSec

Read 20 Rapid7 InsightAppSec reviews

2,311 Views
878 Comparison Views

94% willing to recommend

Qualys Web Application Scan...

Rapid7 InsightAppSec

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Qualys Web Application Scanning and Rapid7 InsightAppSec based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Qualys Web Application Scanning vs. Rapid7 InsightAppSec Report (Updated: May 2022).

Buyer's Guide

Qualys Web Application Scanning vs. Rapid7 InsightAppSec

May 2022

Download the complete report

Helped 890,124 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Qualys Web Application Scan...

Average Rating

7.6

Reviews Sentiment

6.3

Number of Reviews

Ranking in other categories

Application Security Tools (15th), Static Application Security Testing (SAST) (12th)

Rapid7 InsightAppSec

Average Rating

8.2

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

Dynamic Application Security Testing (DAST) (5th), AI Observability (14th)

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Qualys Web Application Scanning is designed for Application Security Tools and holds a mindshare of 1.7%, down 2.0% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 5.8% mindshare, up 4.5% since last year.

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
Qualys Web Application Scanning	1.7%
SonarQube	14.5%
Checkmarx One	9.2%
Other	74.6%

Application Security Tools

Dynamic Application Security Testing (DAST) Mindshare Distribution
Product	Mindshare (%)
Rapid7 InsightAppSec	5.8%
Veracode	16.6%
Checkmarx One	15.3%
Other	62.3%

Dynamic Application Security Testing (DAST)

Featured Reviews

AnkitSharma13

Security Officer at a tech vendor with 10,001+ employees

Web scanning needs improvement but offers good vulnerability detection

The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does. If Qualys Web Application Scanning could improve its crawling capability, it would be more user-friendly. Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities, which isn't as beneficial from my point of view. The Vulnerability Management also relies heavily on version numbers and will flag vulnerabilities based on the component version, but it doesn't check if a real fix exists, leading to flags on components that actually have workarounds available.

Read full review

Shritam Bhowmick

Vulnerability Management Lead at garrett

Provides reliable applications security but needs better integration options

There are areas for improvements regarding false positives. Integration capabilities are lacking, as options for integrations with other tools such as SNOW, Jira, or other integration tools are not sufficient in Rapid7 InsightAppSec. The user interface sometimes has glitches, which may prevent appropriate results during navigation, and even when we get appropriate results, it can be impossible to export them to CSV records or download files. Regarding scalability, Rapid7 InsightAppSec is not a scalable solution for our industry due to limited integration capabilities. Rapid7 relies on another tool called InsightConnect, which requires additional investment, detracting from scalability. Another area that needs improvement is the integration of AI capabilities into the platform. Both Rapid7 InsightAppSec and InsightVM need to advance in that area. In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives. This necessitates improvement in their behavioral-based analytics feature.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."

"Qualys Web Application Scanning is accurate and provides minimal false positives."

"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."

"The most valuable feature is that we are able to scan the services and put credentials like a user ID password, and we can verify the vulnerability level."

"The features of Qualys Web Application Scanning are impressive as the scan is faster and gets completed quickly, the dashboards look great, the option for scheduled scans makes it fully automated, and customizable reports can be downloaded anytime in CSV, PDF, or whichever format required."

"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."

"WAS gave us visibility into our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for."

More Qualys Web Application Scanning pros

"The templates feature is very easy; you just choose the kind of attack you want on your web application, and you run it against that template and receive a report, which is great."

"The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application."

"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."

"Rapid7 InsightAppSec is a good product for dynamic application security testing, providing neat reports that include validation actions and helping to generate web application firewall rules for web applications."

"I would rate the technical support from Rapid7 a ten, indicating high-quality support."

"The stability has been very good; I would rate it five out of five in terms of reliability, as it doesn't crash or freeze, there are no bugs or glitches, and the performance is good."

"We have seen measurable decrease in the mean time to respond to threats by 20 percent."

"This is a product that I recommend and my advice for anybody who is interested in trying it, there is a free 60-day trial period where they will fix your problems without any payment."

More Rapid7 InsightAppSec pros

Cons

"The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does."

"It should have better automatic reporting."

"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."

"It is unclear how to build automation on Qualys. We do some automation, but not fully, because working is difficult."

"The downside of Qualys Web Application Scanning is that it cannot crawl automatically."

"I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus."

"The virus code updates are not frequent enough."

"We are researching open source software because Qualys needs to improve their reports and the documentation for the end-users in resolving scanned issues."

More Qualys Web Application Scanning cons

"The number of web applications we can scan is limited."

"Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version."

"The product’s pricing could be flexible."

"Customers sometimes experience issues with performance."

"The reporting feature of Rapid7 InsightAppSec needs improvement as it currently provides basic reports."

"Currently, InsightAppSec lacks similar functionality. Customers must wait for remediation during the developers' preparation of a new version."

"In terms of behavioral and pattern recognition, identifying complex attacks such as SQL, blind SQL, JSON, and LDAP injections often results in 94% false positives."

"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."

More Rapid7 InsightAppSec cons

Pricing and Cost Advice

"I rate the software’s pricing a six out of ten."

"We are on an annual license for the solution and the pricing could be more affordable."

"Try the free trial of the product to understand the basic working mechanisms."

"The product pricing is fair and reasonably priced."

"Pricing was reasonable and competitive. It was not too far above the other products."

"The product is expensive, at least initially, in comparison to other products in this category."

"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."

"Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."

More Qualys Web Application Scanning pricing and cost advice

"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."

"Its price is competitive. It is not expensive."

"Rapid7 InsightAppSec is cheap."

"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."

"The price of this product is very cheap."

"I'm not sure how much it costs exactly, but I know it's expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

890,124 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

13%

Manufacturing Company

12%

Computer Software Company

Comms Service Provider

Manufacturing Company

13%

Financial Services Firm

11%

Government

10%

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	6
Large Enterprise	27

By reviewers
Company Size	Count
Small Business	12
Midsize Enterprise	2
Large Enterprise	5

Questions from the Community

What is your experience regarding pricing and costs for Qualys Web Application Scanning?

Regarding pricing, I think for personal use, it is costly, but if organizations are ready to pay, then it is fine as they are using it.

See all answers

What needs improvement with Qualys Web Application Scanning?

See all answers

What is your primary use case for Qualys Web Application Scanning?

I use Qualys Web Application Scanning, and we are using Vulnerability Management. By Vulnerability Management, I mean not TotalCloud; they have some on-premises solutions also. Patch Management and...

See all answers

What needs improvement with Rapid7 InsightAppSec?

Customers sometimes experience issues with performance. One thing that I recall is that most customers often want to have reporting as per their customized dashboard. This needs to be improved beca...

See all answers

What is your primary use case for Rapid7 InsightAppSec?

I usually recommend this solution for financial institutions. Banks and financial institutions need this solution mostly because they have to follow stringent compliance advisory requirements, so t...

See all answers

What advice do you have for others considering Rapid7 InsightAppSec?

I have not heard any complaints. I do not have any recommendations because customers were initially worried about the number of scans they used to perform, and now it has been enhanced or it will s...

See all answers

Comparisons

OWASP Zap vs Qualys Web Application Scanning

Compared 7% of the time

Checkmarx SAST vs Qualys Web Application Scanning

Compared 7% of the time

SonarQube vs Qualys Web Application Scanning

Compared 6% of the time

PortSwigger Burp Suite Professional vs Qualys Web Application Scanning

Compared 5% of the time

Veracode vs Qualys Web Application Scanning

Compared 5% of the time

More Qualys Web Application Scanning Competitors

Invicti vs Rapid7 InsightAppSec

Compared 13% of the time

PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec

Compared 11% of the time

Veracode vs Rapid7 InsightAppSec

Compared 9% of the time

AppCheck vs Rapid7 InsightAppSec

Compared 9% of the time

More Rapid7 InsightAppSec Competitors

Product Reports

Buyer's Guide

Qualys Web Application Scanning

April 2026

Download Qualys Web Application Scanning product report

Buyer's Guide

Rapid7 InsightAppSec

April 2026

Download Rapid7 InsightAppSec product report

Also Known As

Qualys WAS

InsightAppSec

Overview

Qualys Web Application Scanning offers advanced vulnerability management, progressive scheduling, and seamless integration with DevOps environments. Its user-friendly design enables enterprises to enhance security with comprehensive scanning and detailed forensic insights.

Qualys Web Application Scanning addresses enterprise-level security challenges by providing robust solutions for vulnerability management, penetration testing, and compliance checks. While easing the navigation process, it supports risk mitigation with precise risk ratings, minimal false positives, and detailed reporting. However, it faces challenges with its complex interface, authenticated scanning, and automation features. Integrating smoothly with CI/CD pipelines, it is suitable for continuous and automated scanning, adapting to diverse company requirements.

What are the standout features of Qualys Web Application Scanning?

Progressive Scheduling: Enables efficient management of scanning activities, optimizing for time-sensitive scenarios.
Vulnerability Management: Offers robust identification and management of vulnerabilities across various applications.
Integration with DevOps: Seamlessly integrates with CI/CD pipelines, supporting rapid development cycles.
Risk Ratings: Provides precise risk assessments, crucial for prioritizing security efforts.
Engaging Dashboard: Offers an intuitive interface for navigating security tasks efficiently.

What benefits or ROI should users look for in Qualys Web Application Scanning reviews?

Scalability: Supports enterprise needs with a design adaptable to diverse security demands.
Risk Mitigation: Detailed alerts and forensic insights aid in reducing potential threats.
Comprehensive Reporting: Facilitates informed decision-making with clear, concise reports.
Penetration Testing: Enhances security assessments with ongoing evaluation capabilities.

Organizations across sectors like education, banking, and international data centers leverage Qualys Web Application Scanning for conducting penetration testing, scanning web applications, and managing vulnerabilities. It aids in audit security and compliance, identifying threats, and generating user-friendly reports, making it a valuable asset for maintaining strong security postures.

Qualys

Rapid7 InsightAppSec is a cloud-based security tool offering robust web scanning capabilities with a user-friendly interface and seamless integration. It enhances dynamic application security testing through customizable modules, providing comprehensive reports and remediation guidance.

InsightAppSec delivers dynamic application security testing with features like Attack Replay and a centralized dashboard for vulnerability insights. It supports flexible deployment options and simplifies scheduling frequent scans. The tool's intuitive graphical interface and extensive scanning coverage make it valuable for identifying vulnerabilities in web applications, APIs, and e-commerce sites, ensuring compliance. However, improvements are needed in detection accuracy, reporting options, and integrations with external tools like WAF and ticketing systems. There is a need for better scan management, support for mobile applications, customized reporting options, pricing flexibility, improved support, and AI integration.

What are the key features of InsightAppSec?

Seamless Integration: Easily integrates within SDLC for automated scans.
User-Friendly Interface: Offers an intuitive graphical experience.
Robust Web Scanning: Provides extensive vulnerability scanning of web applications and APIs.
Customizable Attack Modules: Tailors testing to meet specific security needs.
Attack Replay: Facilitates re-testing of potential vulnerabilities for accuracy.
Centralized Dashboard: Offers comprehensive insights into vulnerabilities.

What benefits should users look for?

Comprehensive Reports: Delivers detailed insights into security vulnerabilities.
Remediation Guidance: Provides actionable advice to fix identified vulnerabilities.
Scalability: Supports growth by handling increased demands efficiently.
Extensive Coverage: Ensures thorough security testing across multiple platforms.
Flexible Deployment: Adapts to different operational environments.

Industries rely on InsightAppSec for vulnerability scanning to secure web applications, APIs, and e-commerce platforms. Its integration within the SDLC aids in automating scans during development. While limitations exist with certain tool integrations, its cloud-based engine and effective reporting make it essential for internal and external application security assurance.

Rapid7

Sample Customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Buyer's Guide

Qualys Web Application Scanning vs. Rapid7 InsightAppSec

May 2022

Free Report: Qualys Web Application Scanning vs. Rapid7 InsightAppSec

Find out what your peers are saying about Qualys Web Application Scanning vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.

DOWNLOAD NOW

890,124 professionals have used our research since 2012.

See our Qualys Web Application Scanning vs. Rapid7 InsightAppSec report.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.