Try our new research platform with insights from 80,000+ expert users
Qualys Web Application Scanning Logo

Qualys Web Application Scanning pros and cons

Vendor: Qualys
3.9 out of 5
1,173 followers
Start review

Pros & Cons summary

Qualys Web Application Scanning offers extensive capabilities including automated scanning, vulnerability detection, and patch management. It ensures precise external penetration with PCI scans and easy integration with Burp Suite for rapid remediation. Although deployment complexities exist, notably between internal and external scans, its cloud-based architecture guarantees rapid scalability and thorough reporting. Despite a higher price point and several false positives, improvements in authenticated scanning and business logic vulnerability testing could enhance its competitive edge.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Qualys Web Application Scanning is highly scalable and effective for external scans, reducing completion time by half.
It seamlessly integrates with tools like Burp Suite, offering detailed reporting that simplifies remediation.
Licensing options are praised for being advantageous for enterprises, particularly for web development purposes.
Qualys Web Application Scanning is valued for its robust patch and vulnerability management features, providing comprehensive reporting.
The platform offers a unified console for streamlined vulnerability and compliance management across on-premises and cloud environments.

CONS

Qualys Web Application Scanning needs to improve its handling of false positives, as users report numerous inaccuracies compared to other solutions.
Pricing for Qualys Web Application Scanning is seen as high, and there are calls for more competitive and affordable pricing.
Concurrent scanning capabilities in Qualys Web Application Scanning are limited, with difficulties in running multiple scans simultaneously for numerous websites.
Qualys Web Application Scanning lacks interactive features that provide clear guidance on vulnerabilities and remediation steps, which is noted as a point of comparison with competitors like Veracode.
Specific features such as the ability to upload custom payloads and better visibility into applications are lacking in Qualys Web Application Scanning.
 

Qualys Web Application Scanning Pros review quotes

Brammadevan K - PeerSpot reviewer
Feb 22, 2024
The vulnerability management feature is a strong one. And also the patch management feature.
Read full review
reviewer1254240 - PeerSpot reviewer
Jan 12, 2020
The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good.
Read full review
Daniel_Ndiba - PeerSpot reviewer
Aug 16, 2018
It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools.
Read full review
Buyer's Guide
Qualys Web Application Scanning
March 2025
Free Report: Qualys Web Application Scanning Reviews and More
Learn what your peers think about Qualys Web Application Scanning. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
DOWNLOAD NOW
844,944 professionals have used our research since 2012.
JP
Sep 4, 2024
Automated scanning has significantly improved our web application security management by reducing manual work.
Read full review
reviewer1387992 - PeerSpot reviewer
Aug 11, 2020
The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours.
Read full review
reviewer1138395 - PeerSpot reviewer
Feb 16, 2022
Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers.
Read full review
SubhajitAich - PeerSpot reviewer
Aug 25, 2023
Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box.
Read full review
HJ
Sep 27, 2020
It is easy to use.
Read full review
RT
Aug 2, 2018
We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not.
Read full review
S S RAMA KRISHNA MURTHY SURI - PeerSpot reviewer
Jun 16, 2022
It works with many different products.
Read full review
Show 10 more reviews (out of 30)
 

Qualys Web Application Scanning Cons review quotes

Brammadevan K - PeerSpot reviewer
Feb 22, 2024
There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage.
Read full review
reviewer1254240 - PeerSpot reviewer
Jan 12, 2020
The pricing does not seem to be competitive.
Read full review
Daniel_Ndiba - PeerSpot reviewer
Aug 16, 2018
The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected.
Read full review
Buyer's Guide
Qualys Web Application Scanning
March 2025
Free Report: Qualys Web Application Scanning Reviews and More
Learn what your peers think about Qualys Web Application Scanning. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
DOWNLOAD NOW
844,944 professionals have used our research since 2012.
JP
Sep 4, 2024
One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version.
Read full review
reviewer1387992 - PeerSpot reviewer
Aug 11, 2020
The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs.
Read full review
reviewer1138395 - PeerSpot reviewer
Feb 16, 2022
We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans.
Read full review
SubhajitAich - PeerSpot reviewer
Aug 25, 2023
Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly.
Read full review
HJ
Sep 27, 2020
The reporting contains too many false positives.
Read full review
RT
Aug 2, 2018
In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us.
Read full review
S S RAMA KRISHNA MURTHY SURI - PeerSpot reviewer
Jun 16, 2022
There could be better management and faster scanning.
Read full review
Show 10 more reviews (out of 30)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning Logo
SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning
GitLab vs Qualys Web Application Scanning Logo
GitLab vs Qualys Web Application Scanning
Snyk vs Qualys Web Application Scanning Logo
Snyk vs Qualys Web Application Scanning
Checkmarx One vs Qualys Web Application Scanning Logo
Checkmarx One vs Qualys Web Application Scanning
Veracode vs Qualys Web Application Scanning Logo
Veracode vs Qualys Web Application Scanning
Mend.io vs Qualys Web Application Scanning Logo
Mend.io vs Qualys Web Application Scanning
Fortify on Demand vs Qualys Web Application Scanning Logo
Fortify on Demand vs Qualys Web Application Scanning
Sonatype Lifecycle vs Qualys Web Application Scanning Logo
Sonatype Lifecycle vs Qualys Web Application Scanning
GitHub Advanced Security vs Qualys Web Application Scanning Logo
GitHub Advanced Security vs Qualys Web Application Scanning
Acunetix vs Qualys Web Application Scanning Logo
Acunetix vs Qualys Web Application Scanning
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning Logo
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning
HCL AppScan vs Qualys Web Application Scanning Logo
HCL AppScan vs Qualys Web Application Scanning
GitHub vs Qualys Web Application Scanning Logo
GitHub vs Qualys Web Application Scanning
Tenable.io Web Application Scanning vs Qualys Web Application Scanning Logo
Tenable.io Web Application Scanning vs Qualys Web Application Scanning
CodeSonar vs Qualys Web Application Scanning Logo
CodeSonar vs Qualys Web Application Scanning
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning Logo
SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning
GitLab vs Qualys Web Application Scanning Logo
GitLab vs Qualys Web Application Scanning
Snyk vs Qualys Web Application Scanning Logo
Snyk vs Qualys Web Application Scanning
Checkmarx One vs Qualys Web Application Scanning Logo
Checkmarx One vs Qualys Web Application Scanning
Veracode vs Qualys Web Application Scanning Logo
Veracode vs Qualys Web Application Scanning
Mend.io vs Qualys Web Application Scanning Logo
Mend.io vs Qualys Web Application Scanning
Fortify on Demand vs Qualys Web Application Scanning Logo
Fortify on Demand vs Qualys Web Application Scanning
Sonatype Lifecycle vs Qualys Web Application Scanning Logo
Sonatype Lifecycle vs Qualys Web Application Scanning
GitHub Advanced Security vs Qualys Web Application Scanning Logo
GitHub Advanced Security vs Qualys Web Application Scanning
Acunetix vs Qualys Web Application Scanning Logo
Acunetix vs Qualys Web Application Scanning
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning Logo
PortSwigger Burp Suite Professional vs Qualys Web Application Scanning
HCL AppScan vs Qualys Web Application Scanning Logo
HCL AppScan vs Qualys Web Application Scanning
GitHub vs Qualys Web Application Scanning Logo
GitHub vs Qualys Web Application Scanning
Tenable.io Web Application Scanning vs Qualys Web Application Scanning Logo
Tenable.io Web Application Scanning vs Qualys Web Application Scanning
CodeSonar vs Qualys Web Application Scanning Logo
CodeSonar vs Qualys Web Application Scanning
See all alternatives
Related questions
  • 25
What is the biggest difference between OWASP Zap and Qualys?
  • 696
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 45
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 119
What are the Top 5 cybersecurity trends in 2022?
  • 135
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 47
We're evaluating Tripwire, what else should we consider?
  • 14
Which application security solutions include both vulnerability scans and quality checks?
  • 1,635
Is SonarQube the best tool for static analysis?
  • 23
Why Do I Need Application Security Software?
  • 75
Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?