Cloud hosted application, and was also accessible through mobile app.
Deputy Manager at a tech services company with 10,001+ employees
Network scanner has good reporting and coverage, but it needs manual pen testing
What is our primary use case?
How has it helped my organization?
Dynamic features for pen testing automation, with manual.
What is most valuable?
Network scanner has good reporting, coverage was also good. In Web scanner, dashboard was good but features were limited.
What needs improvement?
Please add manual penetration testing features.
Also I didn't like the license terms and the features were limited compared to other tools used for web applications.
Buyer's Guide
Qualys Web Application Scanning
December 2024
Learn what your peers think about Qualys Web Application Scanning. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
Trial/evaluations only.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at a tech services company with 1,001-5,000 employees
Automated tools cannot find all the vulnerabilities, but this is one of the best.
What is most valuable?
WAS and being able to integrate Selenium IDE to automate the login process was most helpful.
How has it helped my organization?
Scheduling feature allows to scan on the weekends and holidays in a planned way.
What needs improvement?
Enhancing the capability to find XSS.
For how long have I used the solution?
I've used it for six months.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
I've never had the chance to interact.
Technical Support:I've never had the chance to interact.
Which solution did I use previously and why did I switch?
This would depend on the clients' requirements.
How was the initial setup?
It's straightforward. In fact, it's one of the easiest solutions to implement.
What about the implementation team?
We used a vendor team who had good expertise.
What other advice do I have?
I would recommend this tool. Simply, go for it. The video tutorials would give an insight on the simplicity and effectiveness of the product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Qualys Web Application Scanning
December 2024
Learn what your peers think about Qualys Web Application Scanning. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Cyber Security Consultant at a tech services company with 10,001+ employees
The way results are presented makes remediation easy, but GUI is a little complex
Pros and Cons
- "Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
- "You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
- "The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
What is our primary use case?
We have a lot of applications in our environment that we need to scan frequently. We have a lot of tutorial sites, e-learning sites, and other related websites which we have to build, maintain, and scan continuously for security purposes.
How has it helped my organization?
It definitely helps us with the remediation process as we can create different reports, whatever is required at the time.
What is most valuable?
- It's cloud-based so the installation is not so tedious.
- Easily deployed.
- Highly scalable.
- Comprehensive reporting.
Also, you can integrate your Burp Suite results and create an integrated report.
The way it shows the results - threats and exploit details - makes remediation very easy.
We have seen very few false positives. We found the documentation very useful, particularly the roll-out guide. While the tool is not hard to use, by dividing the documentation into sections, the company provided specific guidance on use cases that are not necessarily limited to the tool itself.
What needs improvement?
The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes.
Also, occasionally it can't even authenticate to basic web forms.
For how long have I used the solution?
One to three years.
How is customer service and technical support?
Qualys offers one excellent support, which includes 24/7 phone and mail support, as well as access to its online user community.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Qualys Web Application Scanning Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Popular Comparisons
SonarQube Server (formerly SonarQube)
Checkmarx One
Fortify on Demand
Sonatype Lifecycle
PortSwigger Burp Suite Professional
Tenable.io Web Application Scanning
Buyer's Guide
Download our free Qualys Web Application Scanning Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between OWASP Zap and Qualys?
- If you had to both encrypt and compress data during transmission, which would you do first and why?
- When evaluating Application Security, what aspect do you think is the most important to look for?
- What are the Top 5 cybersecurity trends in 2022?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which application security solutions include both vulnerability scans and quality checks?
- We're evaluating Tripwire, what else should we consider?
- Is SonarQube the best tool for static analysis?
- Why Do I Need Application Security Software?
- Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?