Cyber security specialist at a financial services firm with 10,001+ employees
Real User
Top 20
2024-09-04T08:31:30Z
Sep 4, 2024
We implemented the platform to identify web-based vulnerabilities in our applications, allowing us to address these issues proactively. It helps protect our web applications from potential attackers and secure them against loopholes. Automated scanning has significantly improved our web application security management by reducing manual work. It has also streamlined the process, saving us considerable time. Previously, scheduling scans for many applications would take about a week, but automation makes this process much quicker and more efficient. Regarding incident reduction, we have seen about a 20 % decrease. Cost-wise, there has been no significant difference compared to our previous tool. However, the speed of response and reduced false positives have been valuable. I would recommend it to others for its excellent customer support, scanning efficiency, and scalability. It is a reliable tool for managing web application security. Overall, I rate it an eight.
Cyber Security Engineer at R S Consulting Services
Reseller
Top 10
2024-02-22T08:02:09Z
Feb 22, 2024
For those considering Qualys, it's important to understand how it fits into their overall security strategy, especially regarding web application and firewall (WAF) security. It's crucial to grasp the full capabilities of Qualys to make an informed decision. I'd advise understanding the product thoroughly to see if it aligns with your security needs. Overall, I would rate the solution a nine out of ten.
I integrate Qualys and QRadar. QRadar is for SCM. It helps centralize the management of the network. It provides good visibility of Qualys. Qualys is a good product. There are better tools in the market. However, I recommend Qualys to others. Overall, I rate the product an eight out of ten.
I am using the latest version of Qualys Web Application Scanning. Qualys Web Application Scanning is deployed both on-premises and on-cloud in our organization. The solution is deployed on the private Azure and GCP clouds. We do not manage the solution. We implement it on behalf of our clients. I work in a consulting company. We do not own the solution; we just configure it. In terms of web application scanning, Tenable and Rapid7 are not as reliable as Qualys Web Application Scanning. Overall, I rate Qualys Web Application Scanning a nine out of ten.
Learn what your peers think about Qualys Web Application Scanning. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
Technical Lead at a computer software company with 501-1,000 employees
Real User
Top 20
2023-08-10T08:36:49Z
Aug 10, 2023
Qualys Web Application Scanning is easy to use and deploy. I rate it a nine out of ten. However, it could be less expensive compared to other open-source tools.
Information Communication Technology Specialist at UNIVERSITY OF JOHANNESBURG
Real User
Top 5
2023-06-30T13:47:14Z
Jun 30, 2023
I recommend Qualys Web Application Scanning to others. It is easy to set up and use. It has less false policies as well. Once we onboard all the customers’ assets after setting it up, it takes almost an hour to have everything running and to log reports. I rate it a ten out of ten.
I am using the latest version of the solution. Tenable makes us wait 90 days to delete the test web application, and Rapid7 does not allow us to delete it as well as Acunetix (once a year). I will recommend the solution to others. Overall, I rate the solution an eight out of ten.
I would recommend getting the POC done before implementing WAS, especially if there will be a lot of APIs involved in developing the product. Look at how the endpoint security works when the APIs run with a different channel, like web and mobile applications. I would give Qualys WAS a rating of six out of ten.
Sr Cybersecurity Leader at a non-tech company with 1,001-5,000 employees
Real User
2022-02-16T18:32:00Z
Feb 16, 2022
I rate Qualys Web Application Scanning nine out of 10. I think Web Application Scanning should integrate VMDR, a more enhanced capability that Qualys offers for enterprise vulnerability assessments. However, Qualys is way ahead of the competition on the web application front. If you're an industrial company, you should evaluate the OT scanning capability that Qualys is about to launch. It will cover all your enterprise web applications and secure your factories as well. Qualys should be a one-stop shop meeting all your end-to-end vulnerability assessment requirements, so you don't need to buy solutions from different vendors,
Lead Cyber Security engineer at a tech services company with 201-500 employees
Real User
2021-05-19T08:30:23Z
May 19, 2021
My advice to those wanting to implement this solution is if you have experience and knowledge with vulnerability management and reading through all the threats, this could be a good platform for you. If you are a new starter this solution is not a good place to start. I rate Qualys Web Application Scanning an eight out of ten.
I would recommend Qualys if the budget is not a problem. There may be other open-source solutions that could be used to perform a similar analysis. On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as an eight-out-of-ten.
CEO at a tech services company with 51-200 employees
Real User
2020-01-12T07:22:00Z
Jan 12, 2020
On a scale from one to ten where one is the worst ten is the best, I would rate Qualys as a seven at this point. It is difficult to rate Qualys — or even products from other companies — as better than this because we are hearing the same thing from all the product manufacturers before we went into testing. But based on the references from other users about Qualys, our current level of experience, the pricing as we know it and the services that are offered for free, Qualys is a seven. What we have mostly found at this point is that you can't just install a free trial version of a product and get a complete impression immediately. With some products like Qualys or others in the category, the pricing may not be completely right because there are hidden costs. It could be one solution is not quick to deploy and that seems to make it difficult but in actual use, it is easier than everything else. Some products will be easy to set up and after 10 days of trying to work with it, I might be disappointed because of what I committed to.
Lead Security Architect at a financial services firm with 501-1,000 employees
Real User
2019-08-26T06:42:00Z
Aug 26, 2019
We are using the cloud deployment model. I would recommend other users to use Qualys Application Scanning for application security. If you're serious about security you need a service or a solution that does continuous scanning of your application and infrastructure. There are always vulnerabilities being introduced. I would rate the solution eight out of ten.
Consultant at a tech services company with 1,001-5,000 employees
Real User
2019-08-22T05:49:00Z
Aug 22, 2019
I would advise someone considering this product is to find a solution that is easy to use. We use this solution because we need to. I would rate it an eight out of ten. Not a ten because the reporting needs improvement. It should have better automatic reporting.
It is a very much stable. If you have a good amount of calender-based activities, it is good for defining frequency. You can define the calendar internally, then you can do your scanning. Though, it has some triaging features which should finally be fixed.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled...
We implemented the platform to identify web-based vulnerabilities in our applications, allowing us to address these issues proactively. It helps protect our web applications from potential attackers and secure them against loopholes. Automated scanning has significantly improved our web application security management by reducing manual work. It has also streamlined the process, saving us considerable time. Previously, scheduling scans for many applications would take about a week, but automation makes this process much quicker and more efficient. Regarding incident reduction, we have seen about a 20 % decrease. Cost-wise, there has been no significant difference compared to our previous tool. However, the speed of response and reduced false positives have been valuable. I would recommend it to others for its excellent customer support, scanning efficiency, and scalability. It is a reliable tool for managing web application security. Overall, I rate it an eight.
It can be recommended because it is a good tool. Overall, I rate the solution a seven out of ten.
Overall, I rate the solution a ten out of ten.
For those considering Qualys, it's important to understand how it fits into their overall security strategy, especially regarding web application and firewall (WAF) security. It's crucial to grasp the full capabilities of Qualys to make an informed decision. I'd advise understanding the product thoroughly to see if it aligns with your security needs. Overall, I would rate the solution a nine out of ten.
I integrate Qualys and QRadar. QRadar is for SCM. It helps centralize the management of the network. It provides good visibility of Qualys. Qualys is a good product. There are better tools in the market. However, I recommend Qualys to others. Overall, I rate the product an eight out of ten.
I am using the latest version of Qualys Web Application Scanning. Qualys Web Application Scanning is deployed both on-premises and on-cloud in our organization. The solution is deployed on the private Azure and GCP clouds. We do not manage the solution. We implement it on behalf of our clients. I work in a consulting company. We do not own the solution; we just configure it. In terms of web application scanning, Tenable and Rapid7 are not as reliable as Qualys Web Application Scanning. Overall, I rate Qualys Web Application Scanning a nine out of ten.
Qualys Web Application Scanning is easy to use and deploy. I rate it a nine out of ten. However, it could be less expensive compared to other open-source tools.
I recommend Qualys Web Application Scanning to others. It is easy to set up and use. It has less false policies as well. Once we onboard all the customers’ assets after setting it up, it takes almost an hour to have everything running and to log reports. I rate it a ten out of ten.
I am using the latest version of the solution. Tenable makes us wait 90 days to delete the test web application, and Rapid7 does not allow us to delete it as well as Acunetix (once a year). I will recommend the solution to others. Overall, I rate the solution an eight out of ten.
I would recommend this solution to others. I rate Qualys Web Application Scanning a seven out of ten.
I'd recommend the solution to others. We haven't had any issues after two years of working with it. I'd rate the solution eight out of ten.
I would recommend getting the POC done before implementing WAS, especially if there will be a lot of APIs involved in developing the product. Look at how the endpoint security works when the APIs run with a different channel, like web and mobile applications. I would give Qualys WAS a rating of six out of ten.
I rate Qualys Web Application Scanning nine out of 10. I think Web Application Scanning should integrate VMDR, a more enhanced capability that Qualys offers for enterprise vulnerability assessments. However, Qualys is way ahead of the competition on the web application front. If you're an industrial company, you should evaluate the OT scanning capability that Qualys is about to launch. It will cover all your enterprise web applications and secure your factories as well. Qualys should be a one-stop shop meeting all your end-to-end vulnerability assessment requirements, so you don't need to buy solutions from different vendors,
My advice to those wanting to implement this solution is if you have experience and knowledge with vulnerability management and reading through all the threats, this could be a good platform for you. If you are a new starter this solution is not a good place to start. I rate Qualys Web Application Scanning an eight out of ten.
I would recommend Qualys if the budget is not a problem. There may be other open-source solutions that could be used to perform a similar analysis. On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as an eight-out-of-ten.
My advice for anyone considering this solution is, "Go for it." On a scale of one to ten, I would give Qualys Web Application Scanning a seven.
I would rate this solution an eight out of ten.
On a scale from one to ten where one is the worst ten is the best, I would rate Qualys as a seven at this point. It is difficult to rate Qualys — or even products from other companies — as better than this because we are hearing the same thing from all the product manufacturers before we went into testing. But based on the references from other users about Qualys, our current level of experience, the pricing as we know it and the services that are offered for free, Qualys is a seven. What we have mostly found at this point is that you can't just install a free trial version of a product and get a complete impression immediately. With some products like Qualys or others in the category, the pricing may not be completely right because there are hidden costs. It could be one solution is not quick to deploy and that seems to make it difficult but in actual use, it is easier than everything else. Some products will be easy to set up and after 10 days of trying to work with it, I might be disappointed because of what I committed to.
We are using the cloud deployment model. I would recommend other users to use Qualys Application Scanning for application security. If you're serious about security you need a service or a solution that does continuous scanning of your application and infrastructure. There are always vulnerabilities being introduced. I would rate the solution eight out of ten.
I would advise someone considering this product is to find a solution that is easy to use. We use this solution because we need to. I would rate it an eight out of ten. Not a ten because the reporting needs improvement. It should have better automatic reporting.
It is a very much stable. If you have a good amount of calender-based activities, it is good for defining frequency. You can define the calendar internally, then you can do your scanning. Though, it has some triaging features which should finally be fixed.