Qualys Web Application Scanning (WAS) and Acunetix are competing in the web application security market, providing vulnerability scanning solutions. Qualys may have an edge with its cloud scalability and widespread integration features, whereas Acunetix stands out with its detailed vulnerability detections and low false positive rates.
Features: Qualys Web Application Scanning offers robust vulnerability scans and seamless integration with tools like Selenium IDE and Jenkins, ensuring flow in DevOps processes. It is renowned for protecting against zero-day vulnerabilities and the OWASP Top 10, alongside its cloud-based scalability and detailed reporting. Acunetix is distinguished by its deep scanning and automation in vulnerability detection with an impressively low false positive rate. Its ability to mimic attacks using login sequence recordings and parameterized tests is highly regarded.
Room for Improvement: Qualys' XSS detection capabilities and integration process can be improved for user-friendliness and lesser deployment complexity. Its pricing model and setup complexity have received some criticism. Acunetix can also work on pricing issues and on reducing false positives associated with XSS. Improvements are suggested for handling complex web apps and achieving smoother integration with diverse systems.
Ease of Deployment and Customer Service: Qualys WAS supports hybrid, public, and private cloud deployments, offering deployment flexibility. Users appreciate its 24/7 support and technical assistance, although response times could be better. Acunetix is mainly on-premises focused. While it provides efficient support, costs can impact deployment satisfaction.
Pricing and ROI: Qualys is perceived as costly, but effective due to the significant ROI attributed to reduced operational overheads through automation. In contrast, Acunetix faces criticism over recent price hikes, slightly affecting its market standing. Nevertheless, it competes effectively through features like the IAS module. Both offer annual licensing, with Qualys positioned as a premium solution and Acunetix adapting to market shifts.
It saves a significant amount of time by covering attack surfaces.
The technical support from Invicti is very good and fast.
The technical support from Acunetix is quite good
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
At one point, there was a limitation on reporting for 100,000 assets at a time.
It is licensed for assets, so we just contact the team for additional licenses if needed.
The support program was helpful in addressing it.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
We secured a special licensing model for penetration testing companies, which is cost-effective.
The pricing of Acunetix is pretty expensive and could be improved.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
Its most valuable role is in enhancing security by identifying potential vulnerabilities efficiently.
I find it to be one of the most comprehensive tools, with support for manual intervention.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
It is recognized as one of the best tools for web application security from a development perspective.
The product helps by providing options for remediating vulnerabilities it finds, making it really useful.
Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
