Qualys Web Application Scanning vs Rapid7 InsightAppSec comparison

The compared Qualys and Rapid7 solutions aren't in the same category. Qualys is ranked #12 in AS , with an average rating of 8.4, and holds a 1.9% mindshare in the category. Rapid7 is ranked #4 in DAST , with an average rating of 8.1, and holds a 12.8% mindshare. Additionally, 86% of Qualys users are willing to recommend the solution, compared to 100% of Rapid7 users who would recommend it.

Qualys Web Application Scan...

Read 35 Qualys Web Application Scanning reviews

3,485 Views
2,730 Comparison Views

86% willing to recommend

Rapid7 InsightAppSec

Read 13 Rapid7 InsightAppSec reviews

382 Views
263 Comparison Views

100% willing to recommend

Qualys Web Application Scan...

Rapid7 InsightAppSec

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Qualys Web Application Scanning and Rapid7 InsightAppSec based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Qualys Web Application Scanning vs. Rapid7 InsightAppSec Report (Updated: May 2022).

Buyer's Guide

Qualys Web Application Scanning vs. Rapid7 InsightAppSec

May 2022

Download the complete report

Helped 816,406 peers since 2012

Categories and Ranking

Qualys Web Application Scan...

Average Rating

7.8

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Application Security Tools (12th), Static Application Security Testing (SAST) (11th)

Rapid7 InsightAppSec

Average Rating

8.6

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Dynamic Application Security Testing (DAST) (4th)

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Qualys Web Application Scanning is designed for Application Security Tools and holds a mindshare of 1.9%, down 2.3% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 12.8% mindshare, down 13.2% since last year.

Application Security Tools

Dynamic Application Security Testing (DAST)

Featured Reviews

SubhajitAich

Security Consultant at Cognizant

A stable solution that can be used for infrastructure vulnerability scanning and web application scanning

Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.

Read full review

Vikas Dusa

Cyber Security Trainer and Programmer at Freelancer

Helps to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities. Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It scans web applications to identify vulnerabilities during deployment."

"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."

"It is easy to use."

"By using QualysGuard, we are able to finish external scans with assured results in half the time."

"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."

"It is a very stable solution."

"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."

"It is a cloud-based solution, so it is easy to scale."

More Qualys Web Application Scanning pros

"The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset."

"We have seen measurable decrease in the mean time to respond to threats by 20 percent."

"It's very easy to use and user-friendly. It does the job."

"It is a very robust solution."

"The product’s most valuable feature is UI. It is easy to manage and find vulnerabilities in the application."

"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."

"It is very convenient to get reports from the tool, which offers high-level environmental statistics."

"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."

More Rapid7 InsightAppSec pros

Cons

"The authenticated scanning feature could be improved by adding support for real-time scanning tokens and authorization tokens."

"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."

"The reporting contains too many false positives."

"There could be better management and faster scanning."

"There should be better visibility into the application."

"It should have better automatic reporting."

"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."

"The software’s pricing could be improved."

More Qualys Web Application Scanning cons

"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."

"The number of web applications we can scan is limited."

"We'd like to see integrations with WAF solutions."

"When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."

"Rapid7 InsightAppSec needs improvement in detecting phishing pages."

"I would like more details of what the product can do."

"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."

"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."

More Rapid7 InsightAppSec cons

Pricing and Cost Advice

"Try the free trial of the product to understand the basic working mechanisms."

"It is an expensive platform."

"The product pricing is fair and reasonably priced."

"Pricing was reasonable and competitive. It was not too far above the other products."

"Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band or the 3000 or 5000 band, then they will give you the quotation for it. Once you pay for it, applying the licensing is quite easy and effective."

"From my perspective, it is a budget-friendly option."

"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."

"I rate the software’s pricing a six out of ten."

More Qualys Web Application Scanning pricing and cost advice

"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."

"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."

"The price of this product is very cheap."

"I'm not sure how much it costs exactly, but I know it's expensive."

"Its price is competitive. It is not expensive."

"Rapid7 InsightAppSec is cheap."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

816,406 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

16%

Manufacturing Company

10%

Government

Computer Software Company

20%

Financial Services Firm

14%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Qualys Web Application Scanning?

The vulnerability management feature is a strong one. And also the patch management feature.

See all answers

What is your experience regarding pricing and costs for Qualys Web Application Scanning?

The product pricing is fair and reasonably priced.

See all answers

What needs improvement with Qualys Web Application Scanning?

One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...

See all answers

What do you like most about Rapid7 InsightAppSec?

See all answers

What needs improvement with Rapid7 InsightAppSec?

The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehe...

See all answers

What is your primary use case for Rapid7 InsightAppSec?

We use Rapid7 InsightAppSec for dynamic application security scanning. We scan our web applications to identify vulnerabilities and then address the issues based on the report. It is a task solutio...

See all answers

Comparisons

OWASP Zap vs Qualys Web Application Scanning

Compared 19% of the time

SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning

Compared 11% of the time

Veracode vs Qualys Web Application Scanning

Compared 9% of the time

Fortify WebInspect vs Qualys Web Application Scanning

Compared 6% of the time

Acunetix vs Qualys Web Application Scanning

Compared 6% of the time

More Qualys Web Application Scanning Competitors

Rapid7 AppSpider vs Rapid7 InsightAppSec

Compared 31% of the time

PortSwigger Burp Suite Professional vs Rapid7 InsightAppSec

Compared 15% of the time

OWASP Zap vs Rapid7 InsightAppSec

Compared 14% of the time

Acunetix vs Rapid7 InsightAppSec

Compared 11% of the time

Checkmarx One vs Rapid7 InsightAppSec

Compared 4% of the time

More Rapid7 InsightAppSec Competitors

Product Reports

Buyer's Guide

Qualys Web Application Scanning

November 2024

Download Qualys Web Application Scanning product report

Buyer's Guide

Rapid7 InsightAppSec

November 2024

Download Rapid7 InsightAppSec product report

Also Known As

Qualys WAS

InsightAppSec

Learn More

Qualys

Rapid7

Overview

Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.
DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.
Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.
Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.

Benefits of Qualys Web Application Scanning

Qualys Web Application Scanning offers many benefits, including:

Quick Deployment: Requires no infrastructure or software to upkeep.
Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.
Centralized Management: Manage and mend all web app vulnerabilities through a single interface.
Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.
Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.
Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

Reviews from Real Users

Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Sample Customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Buyer's Guide

Qualys Web Application Scanning vs. Rapid7 InsightAppSec

May 2022

Free Report: Qualys Web Application Scanning vs. Rapid7 InsightAppSec

Find out what your peers are saying about Qualys Web Application Scanning vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.

DOWNLOAD NOW

816,406 professionals have used our research since 2012.

See our Qualys Web Application Scanning vs. Rapid7 InsightAppSec report.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.