Qualys Web Application Scanning Reviews

• Ease of use and setup
• Visibility into our environment

WAS gave us visibility into our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for. We didn't need any knowledge of these vulnerabilities or how they worked to scan for them and to gain the visibility.

The organization of the assets was a little confusing and overwhelming. The system could also use some work in pivoting from a VM scan to add the servers with web applications exposed to the WAS server. It frequently created WAS assets that did not have web applications.

I have been using it for 18 months.

Scalability would be tough because of how the endpoints are organized. We did not have any issues with deployment or stability.

We had a dedicated Technical Account Manager and the support was great.

We did not previously use a different solution.

Setup of WAS is pretty straightforward and only the organization of endpoints is a bit complex.

Implementation was very simple because we were only using the cloud product and did not have any on-prem scanners.

Being able to gain visibility into our environment created a great ROI and licensing for us was competitive, but would have made it tough to scale to our whole internal environment.

We use Qualys Internet-based scanners for external penetration testing as well as PCI scans for our clients. The tool being Internet based, it can be accessed from any location, and it does not have issues with updating the patches as well as versions (QualysGuard updates the tool at specific periods in a year with prior information). The report generated by QualysGuard is very detailed and easy to understand.

In order to finish a project, a penetration test in our company is on average five days, including documentation. Without this tool, the testing would take five days! 

By using QualysGuard, we are able to finish external scans with assured results in half the time.

QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.

In certain cases, this product does have false positives, which the company should work on. They should also try to include business logic vulnerabilities in the scanner testing.

The product that we used in our office under different environments is highly stable.

This product is designed for easy scalability and can easily scale up without major challenges.

We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues.

It is a straightforward implementation. Once you register over the Internet, they assign you a set of static IP addresses which can be used to perform web-based scans. The administrator panel is easy to understand and create.

It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.

Try the free trial of the product to understand the basic working mechanisms.

We did try Acutenix, but the quality of results and user interface of Qualys was excellent in comparison.

We are an institutional partner of QualysGuard and buy bulk licenses. 

We are using Qualys Web Application Scanning for our customers. We have the expertise in the solution to provide our customers with the results.

We use the tool for scanning web applications for our clients.

The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done.

We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error.

I have been using Qualys Web Application Scanning for approximately five years.

The stability of Qualys Web Application Scanning could be better.

I rate the stability of Qualys Web Application Scanning an eight out of ten.

Qualys Web Application Scanning has been scalable we have not had any problems in our operations.

The initial setup of Qualys Web Application Scanning is simple for us. However, we have trained engineers that are registered. The deployment did not take very long.

We do the migration for our customers and provide them with testing results. One person can do the implementation of the solution.

I would recommend this solution to others.

I rate Qualys Web Application Scanning a seven out of ten.

My primary use case of this solution is to audit the security level of my customer's internet. We offer this as a service.

The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level. 

They should improve the performance of the security scanning. It should have better performance. 

The stability is very good. 

The scalability is very good. It is very easy to expand this solution. We scan on an IP address basis. We have credit for 250 IP addresses, and we are free to use it in our user environment, or on the cloud. 

We have around twenty users using this solution. 

Their technical support is good. We don't use them frequently because we offer that service. 

I also checked Rapid7 for internal scanning. I picked Qualys for a specific use. It's a SaaS service. We use it to audit the security level of my customer's internet. 

The initial setup is straightforward. A deployment that we did last week took four hours in order to launch it. 

I am an integrator. I work for an integration company. I do the deployments. 

Our licensing costs are on a yearly basis. We buy a group of IP addresses we can scan on a yearly basis. 

I would advise someone considering this product is to find a solution that is easy to use. We use this solution because we need to.

I would rate it an eight out of ten. Not a ten because the reporting needs improvement. It should have better automatic reporting. 

• OWASP Top 10 scanning
• PCI-ASV scanning

It's provided us with comprehensive, proactive, and automated vulnerability assessment.

I've used it for two years.

No issues encountered.

No issues encountered.

No issues encountered.

It's good.

It's good.

We switched due to there being a high number of false positives.

It was straightforward.

We used an integrato

• Nessus
• Acunetix
• Tripwire

For some projects, we will need to use this on-premises. It depends on the confidentiality of our project. For other projects, we will also be deploying on the cloud or maybe a hybrid solution as well.  

We are looking forward to having a relationship as a partner with this company and maybe one or two others. We are not just a customer. We have a bunch of freelancers that we are working with in three different companies in Slovenia, Australia, and other countries. We are looking for solutions to make our testing and security checks more affordable.  

I am not the person who is actually directly testing this. One of the other people from our team is doing that. But I was involved in the selection of what we products we should compare based on available features, demos, and how products appear to meet our needs. What I remember from my experience with Qualys is that the simplicity of exporting reports and the simplicity and clarity of the reports included with the product is good. The website was also well-designed and easy to navigate. The SSL security measurements that the product offers seem comprehensive. But I can not say, at this preliminary phase, that I specifically think this or that from Qualys is the most valuable. It is intriguing enough to make our shortlist and POC efforts.  

Knowing we are in an early phase of discovery and comparison, it is impossible to know exactly what features may need improvement. Some seem to be interesting, on the other hand. The only thing that is in need of improvement from my perspective at this point is pricing in comparison to other, similar products.   

We are in the process of analyzing several products over several months in this category for comparison and proof of concept.  

We have not yet had to contact technical support for any reason.  

I don't have information at this moment because we are in the process of discovery and we have not fully deployed. We do have a test deployment running.  

The pricing of Qualys is quite expensive in comparison with the other products in this category that are offering pretty much the same thing. Pricing is one area of the product that can be improved. At this stage of our discovery, we only know the initial cost is high.  

We were testing a lot of products. We were looking for a good product for our needs and for the needs of our customers to scan vulnerabilities. Qualys was one of the products we chose to do further testing with. The testing with data is still continuing and is a process. As we are in the process of discovery now, we cannot exactly qualify our experience with the product.  

On a scale from one to ten where one is the worst ten is the best, I would rate Qualys as a seven at this point. It is difficult to rate Qualys — or even products from other companies — as better than this because we are hearing the same thing from all the product manufacturers before we went into testing. But based on the references from other users about Qualys, our current level of experience, the pricing as we know it and the services that are offered for free, Qualys is a seven.  

What we have mostly found at this point is that you can't just install a free trial version of a product and get a complete impression immediately. With some products like Qualys or others in the category, the pricing may not be completely right because there are hidden costs. It could be one solution is not quick to deploy and that seems to make it difficult but in actual use, it is easier than everything else. Some products will be easy to set up and after 10 days of trying to work with it, I might be disappointed because of what I committed to.  

We use it for external connection testing whenever we have a customer who utilizes post scanning tools for their main message. From the scanner's perspective, we use the scanner results to do manual testing.

We are looking for automation in our scanning activities or projects, because manual won't work. So, automation is required for us. As a result, using the Qualys scanner result is helpful for us.

We are using scanners and the PCI model. We do PCI scanning because we are a PCI vendor. We are using the tool to do the scanning on whatever the latest vulnerabilities there are, and Qualys is always providing us updates. We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not.

In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us.

It has been stable.

It is good and scalable.

Technical support is responsive.

We were and still are using webMethods Professional. We use both in tandem to do manual testing. That is our process of doing things.

We use the cloud instances for our setups. We have one setup, and it is on the cloud, so it is not complex. Actually, we don't have to do any set up. 

We have applications located in our different offices, and so far there set up has not been a challenge.

Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved.

It is a very much stable. If you have a good amount of calender-based activities, it is good for defining frequency. You can define the calendar internally, then you can do your scanning. Though, it has some triaging features which should finally be fixed.