Kiuwan vs Qualys Web Application Scanning comparison

Kiuwan and Qualys are both solutions in the Application Security Tools category. Kiuwan is ranked #31, while Qualys is ranked #16 with an average rating of 7.7. Kiuwan holds a 1.2% mindshare in AS, compared to Qualys’s 1.8% mindshare. Additionally, 93% of Kiuwan users are willing to recommend the solution, compared to 88% of Qualys users who would recommend it.

Kiuwan

Read 23 Kiuwan reviews

2,961 Views
2,398 Comparison Views

93% willing to recommend

Qualys Web Application Scan...

Read 40 Qualys Web Application Scanning reviews

5,340 Views
3,364 Comparison Views

88% willing to recommend

Kiuwan

Qualys Web Application Scan...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Qualys Web Application Scanning and Kiuwan compete in web security assessment. Kiuwan often receives higher praise for its features, while Qualys is preferred for pricing and customer support.

Features: Qualys Web Application Scanning is known for its extensive vulnerability detection, seamless integration with security frameworks, and supports automated scans. Kiuwan provides in-depth code analysis, supports a broad range of programming languages, and allows custom rule creation.

Room for Improvement: Qualys can improve real-time scanning, reduce false positives, and enhance UI intuitiveness. Kiuwan needs to improve report generation speed, dashboard intuitiveness, and coding language coverage.

Ease of Deployment and Customer Service: Qualys offers straightforward deployment with some learning curve, receiving positive feedback for customer service responsiveness. Kiuwan is quick to deploy with minimal disruptions, though reaching efficient support can be challenging.

Pricing and ROI: Qualys is viewed as offering good value with competitive setup costs and solid ROI over time. Kiuwan users are willing to invest in higher costs due to its advanced capabilities, finding substantial long-term benefits.

To learn more, read our detailed Kiuwan vs. Qualys Web Application Scanning Report (Updated: April 2026).

Buyer's Guide

Kiuwan vs. Qualys Web Application Scanning

April 2026

Download the complete report

Helped 893,244 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Kiuwan

Ranking in Application Security Tools

31st

Ranking in Static Application Security Testing (SAST)

27th

Average Rating

8.6

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

No ranking in other categories

Qualys Web Application Scan...

Ranking in Application Security Tools

16th

Ranking in Static Application Security Testing (SAST)

11th

Average Rating

7.6

Reviews Sentiment

6.3

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of May 2026, in the Application Security Tools category, the mindshare of Kiuwan is 1.2%, up from 1.1% compared to the previous year. The mindshare of Qualys Web Application Scanning is 1.8%, down from 2.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
Qualys Web Application Scanning	1.8%
Kiuwan	1.2%
Other	97.0%

Application Security Tools

Featured Reviews

Mustufa Bhavnagarwala

CyberRisk Solution Advisor at a consultancy with 10,001+ employees

Though a stable tool, the UI needs improvement

Kiuwan can improve its UI a little more. The user experience can be made better. Kiuwan offers a user interface that is similar to the one offered by Windows 7 or Windows 98, which I saw when I ran the tool and tried to scan the repository to find the security issues. The product's UI has certain shortcomings, where improvements are required.

Read full review

AnkitSharma13

Security Officer at a tech vendor with 10,001+ employees

Web scanning needs improvement but offers good vulnerability detection

The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does. If Qualys Web Application Scanning could improve its crawling capability, it would be more user-friendly. Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities, which isn't as beneficial from my point of view. The Vulnerability Management also relies heavily on version numbers and will flag vulnerabilities based on the component version, but it doesn't check if a real fix exists, leading to flags on components that actually have workarounds available.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."

"We have been using this solution for one and a half years."

"From the tool itself, the developer can run an analysis with the same quality, and with this tool, every developer has the opportunity to do an unlimited analysis."

"We switched because Kiuwan covers the entire SDLC; provides direct information to act upon, for the developer, architects, QA, CIO and CISO, in a few seconds; automatically, fully integrated in any CI/CD setup."

"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."

"I like that it provides a detailed report that lets you know the risk index and the vulnerability."

"The solution will measure your development team, give a KPI for the CISO, reduce the time it takes to find and correct coding errors, and more."

"We use Kiuwan to locate the source of application vulnerabilities."

More Kiuwan pros

"It works with many different products."

"Network scanner has good reporting, coverage was also good."

"We’re a Linux shop and Qualys gave us good Linux vulnerability scanning; it reports only a few glaring false-positive errors, and the long baseline of iterative results was valuable to track changes and our rate of improvement while access to the API let us automate its use in our CI/CD pipeline for machine images."

"With our vulnerabilities under control, it puts our services in compliance and minimizes our risk for exposure."

"The vulnerability management feature is a strong one. And also the patch management feature."

"Qualys Web Application Scanning is user-friendly, easy to understand, easy to use, and easy to deploy."

"The product prevents possible vulnerabilities in our network."

"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."

More Qualys Web Application Scanning pros

Cons

"I would like to see better integration with the Visual Studio and Eclipse IDEs."

"We faced a lot of problems with the initial setup and support gave us difficulties around the installation."

"I would like to see better integration with Azure DevOps in the next release of this solution."

"I would like to see additional languages supported."

"DIfferent languages, such Spanish, Portuguese, and so on."

"Different languages, such Spanish, Portuguese, and so on."

"I would like to see additional languages supported."

"The integration process could be improved. It'll also help if it could generate reports automatically, but I'm not sure about the effectiveness of the reports because in our last project, we still found some key issues that weren't captured by the Kiuwan report."

More Kiuwan cons

"In certain cases, this product does have false positives, which the company should work on."

"The product should allow users to upload their payloads."

"In certain cases, this product does have false positives, which the company should work on."

"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."

"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions."

"The authenticated scanning feature could be improved by adding support for real-time scanning tokens and authorization tokens."

"The organization of the assets was a little confusing and overwhelming."

"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."

More Qualys Web Application Scanning cons

Pricing and Cost Advice

"It follows a subscription model. I think the price is somewhere in the middle."

"The price of Kiuwan is lower than that of other tools on the market."

"Kiuwan is an open-source solution and free to use."

"This solution is cheaper than other tools."

"I recommend contacting a sales person who will create the best plan payment plan for you, as we did."

"Nothing special. It's a very fair model."

"Check with your account manager."

"There are different options available with respect to licensing."

"Try the free trial of the product to understand the basic working mechanisms."

"I rate the software’s pricing a six out of ten."

"The product pricing is fair and reasonably priced."

"It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders."

"Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band or the 3000 or 5000 band, then they will give you the quotation for it. Once you pay for it, applying the licensing is quite easy and effective."

"The product has a very good licensing model."

"Qualys WAS' pricing is competitive."

More Qualys Web Application Scanning pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

893,244 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

University

11%

Computer Software Company

Financial Services Firm

Manufacturing Company

Financial Services Firm

13%

Manufacturing Company

12%

Computer Software Company

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	16
Midsize Enterprise	4
Large Enterprise	6

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	6
Large Enterprise	27

Questions from the Community

Ask a question

Earn 20 points

What is your experience regarding pricing and costs for Qualys Web Application Scanning?

Regarding pricing, I think for personal use, it is costly, but if organizations are ready to pay, then it is fine as they are using it.

See all answers

What needs improvement with Qualys Web Application Scanning?

See all answers

What is your primary use case for Qualys Web Application Scanning?

I use Qualys Web Application Scanning, and we are using Vulnerability Management. By Vulnerability Management, I mean not TotalCloud; they have some on-premises solutions also. Patch Management and...

See all answers

Comparisons

SonarQube vs Kiuwan

Compared 20% of the time

Veracode vs Kiuwan

Compared 11% of the time

GitHub vs Kiuwan

Compared 8% of the time

Checkmarx One vs Kiuwan

Compared 7% of the time

More Kiuwan Competitors

Checkmarx SAST vs Qualys Web Application Scanning

Compared 7% of the time

OWASP Zap vs Qualys Web Application Scanning

Compared 7% of the time

SonarQube vs Qualys Web Application Scanning

Compared 6% of the time

PortSwigger Burp Suite Professional vs Qualys Web Application Scanning

Compared 6% of the time

Veracode vs Qualys Web Application Scanning

Compared 5% of the time

More Qualys Web Application Scanning Competitors

Product Reports

Buyer's Guide

Kiuwan

May 2026

Download Kiuwan product report

Buyer's Guide

Qualys Web Application Scanning

April 2026

Download Qualys Web Application Scanning product report

Also Known As

No data available

Qualys WAS

Overview

Kiuwan offers comprehensive security and vulnerability testing capabilities, focusing on code analysis, fast scanning, and detailed risk assessments. Supporting many technologies, it integrates well into development workflows to ensure code compliance and enhance code quality.

Known for its application portfolio governance, Kiuwan provides fast scanning and reporting features, alongside an intuitive interface. It supports languages from COBOL to JavaScript, offering modular capabilities and security integration for continuous deployment. Developers can perform efficient local or cloud-based scans, benefiting from action plans for better code correction. Integration with tools like Jenkins facilitates quick processing and detailed risk assessments, while challenges remain in language support expansion and smoother integration with Azure DevOps and popular IDEs. Enhanced frameworks and mobile development testing would amplify its utility, with users seeking improved navigation, report downloading, and technical support.

What are the most important features of Kiuwan?

Fast Scanning: Provides quick scans for immediate insights.
Reporting: Robust features for generating detailed reports.
Intuitive UI: Easy-to-navigate interface.
Technology Coverage: Supports a range of languages from COBOL to JS.
Tool Integration: Seamlessly integrates with Jenkins for CI/CD processes.
Modularity: Allows specific models for targeted analysis.

What benefits or ROI should users look for in Kiuwan reviews?

Enhanced Code Security: Identifies vulnerabilities swiftly and efficiently.
Continuous Integration: Facilitates ongoing security assessments.
Improved Code Compliance: Helps maintain adherence to coding standards.
Actionable Insights: Provides risk assessments with actionable recommendations.

In industries focused on software development, Kiuwan is integral for security and vulnerability assessments. It's embedded into workflows to analyze, detect and correct vulnerabilities, addressing threats like SQL injection and adhering to OWASP Top 10. The tool supports secure coding practices and performance evaluation, aiding organizations in maintaining rigorous security standards.

Kiuwan

Qualys Web Application Scanning offers advanced vulnerability management, progressive scheduling, and seamless integration with DevOps environments. Its user-friendly design enables enterprises to enhance security with comprehensive scanning and detailed forensic insights.

Qualys Web Application Scanning addresses enterprise-level security challenges by providing robust solutions for vulnerability management, penetration testing, and compliance checks. While easing the navigation process, it supports risk mitigation with precise risk ratings, minimal false positives, and detailed reporting. However, it faces challenges with its complex interface, authenticated scanning, and automation features. Integrating smoothly with CI/CD pipelines, it is suitable for continuous and automated scanning, adapting to diverse company requirements.

What are the standout features of Qualys Web Application Scanning?

Progressive Scheduling: Enables efficient management of scanning activities, optimizing for time-sensitive scenarios.
Vulnerability Management: Offers robust identification and management of vulnerabilities across various applications.
Integration with DevOps: Seamlessly integrates with CI/CD pipelines, supporting rapid development cycles.
Risk Ratings: Provides precise risk assessments, crucial for prioritizing security efforts.
Engaging Dashboard: Offers an intuitive interface for navigating security tasks efficiently.

What benefits or ROI should users look for in Qualys Web Application Scanning reviews?

Scalability: Supports enterprise needs with a design adaptable to diverse security demands.
Risk Mitigation: Detailed alerts and forensic insights aid in reducing potential threats.
Comprehensive Reporting: Facilitates informed decision-making with clear, concise reports.
Penetration Testing: Enhances security assessments with ongoing evaluation capabilities.

Organizations across sectors like education, banking, and international data centers leverage Qualys Web Application Scanning for conducting penetration testing, scanning web applications, and managing vulnerabilities. It aids in audit security and compliance, identifying threats, and generating user-friendly reports, making it a valuable asset for maintaining strong security postures.

Qualys

Sample Customers

DHL, BNP Paribas, Zurich, AXA, Ernst & Young, KFC, Santander, Latam, Ferrovial

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.

Buyer's Guide

Kiuwan vs. Qualys Web Application Scanning

April 2026

Free Report: Kiuwan vs. Qualys Web Application Scanning

Find out what your peers are saying about Kiuwan vs. Qualys Web Application Scanning and other solutions. Updated: April 2026.

DOWNLOAD NOW

893,244 professionals have used our research since 2012.

See our Kiuwan vs. Qualys Web Application Scanning report.

See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.