We performed a comparison between Qualys Web Application Scanning and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It works with many different products."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"It is a cloud-based solution, so it is easy to scale."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The interface is user-friendly and easy to understand."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report."
"The pricing is worth it."
"To me, the principal feature is the CLI (command-line interface) because I put together a lot of implementations using it. Another important aspect is the low false-positive rate because the solution is very configurable. It is as low as 1 percent and that is a huge difference compared to competitors."
"We use it to get our scan results and see where our software is vulnerable or not vulnerable."
"The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed."
"It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"It has an easy-to-use interface."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"In certain cases, this product does have false positives, which the company should work on."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The reporting contains too many false positives."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"There could be better management and faster scanning."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"Deployment can be complicated."
"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."
"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."
"There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved."
"In some cases we use their APIs; they're not as rich as I would like."
"Scanning progress is highly dependent on the speed of the Internet."
"Improve Mobile Application Dynamic Scanning DAST - .ipa and .apk"
"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."
"The interface is too complex."
More Qualys Web Application Scanning Pricing and Cost Advice →
Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Qualys Web Application Scanning is rated 7.8, while Veracode is rated 8.2. The top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, PortSwigger Burp Suite Professional, Fortify WebInspect and Tenable.io Web Application Scanning, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Acunetix. See our Qualys Web Application Scanning vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.