Qualys Web Application Scanning vs Rapid7 InsightAppSec comparison

The compared Qualys and Rapid7 solutions aren't in the same category. Qualys is ranked #13 in AS , with an average rating of 8.4, and holds a 2.0% mindshare in the category. Rapid7 is ranked #4 in DAST , with an average rating of 7.9, and holds a 12.0% mindshare. Additionally, 87% of Qualys users are willing to recommend the solution, compared to 94% of Rapid7 users who would recommend it.

Qualys Web Application Scan...

Read 38 Qualys Web Application Scanning reviews

2,831 Views
2,169 Comparison Views

87% willing to recommend

Rapid7 InsightAppSec

Read 18 Rapid7 InsightAppSec reviews

383 Views
258 Comparison Views

94% willing to recommend

Qualys Web Application Scan...

Rapid7 InsightAppSec

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Qualys Web Application Scanning and Rapid7 InsightAppSec based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Qualys Web Application Scanning vs. Rapid7 InsightAppSec Report (Updated: May 2022).

Buyer's Guide

Qualys Web Application Scanning vs. Rapid7 InsightAppSec

May 2022

Download the complete report

Helped 851,604 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Qualys Web Application Scan...

Average Rating

7.8

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Application Security Tools (13th), Static Application Security Testing (SAST) (11th)

Rapid7 InsightAppSec

Average Rating

8.2

Reviews Sentiment

7.7

Number of Reviews

Ranking in other categories

Dynamic Application Security Testing (DAST) (4th)

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Qualys Web Application Scanning is designed for Application Security Tools and holds a mindshare of 2.0%, down 2.1% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 12.0% mindshare, down 13.1% since last year.

Application Security Tools

Dynamic Application Security Testing (DAST)

Featured Reviews

SubhajitAich

Security Consultant at Cognizant

A stable solution that can be used for infrastructure vulnerability scanning and web application scanning

Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.

Read full review

Nixon Bagalkoti

Cyber Security Lead at a printing company with 201-500 employees

A user-friendly, well-priced solution with Attack Replay feature and good customization options

Scanning can be better. When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved. They need to work on the user interface and management of all the projects. Their support can also be improved a little. They should also focus on a wider integration scale and end-to-end scanning.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."

"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."

"Qualys Web Application Scanning is user-friendly, easy to understand, easy to use, and easy to deploy."

"Automated scanning has significantly improved our web application security management by reducing manual work."

"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."

"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."

"It scans web applications to identify vulnerabilities during deployment."

"The interface is user-friendly and easy to understand."

More Qualys Web Application Scanning pros

"When considering DAST, it is not attributed to a singular feature but rather the capabilities of the engine that provides a genuine penetration testing experience and delivers insightful reports."

"We have seen measurable decrease in the mean time to respond to threats by 20 percent."

"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."

"The solution is stable."

"Rapid7 InsightAppSec helps us in both regulatory compliance and in strengthening our security posture."

"I rate stability ten out of ten."

"It's very easy to use and user-friendly. It does the job."

"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."

More Rapid7 InsightAppSec pros

Cons

"We have many websites. We don't force scanning on all of them at once because it's taking some time."

"The scanner reports a lot of false positives, which is something that needs to be improved."

"It is unclear how to build automation on Qualys. We do some automation, but not fully, because working is difficult."

"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."

"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."

"One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version."

"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."

"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."

More Qualys Web Application Scanning cons

"The product’s pricing could be flexible."

"There is room for improvement in Rapid7 InsightAppSec by giving clients the ability for extra columns on reports and enabling the extraction of remediation reports into a CSV format. Currently, the PDF format is cumbersome to go through when dealing with thousands of pages."

"The number of web applications we can scan is limited."

"The only concern I have with Rapid7 is that it does not provide enough information about vulnerabilities within AppSec."

"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."

"We get a lot of false positives during the tests."

"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."

"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."

More Rapid7 InsightAppSec cons

Pricing and Cost Advice

"Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band or the 3000 or 5000 band, then they will give you the quotation for it. Once you pay for it, applying the licensing is quite easy and effective."

"It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders."

"Pricing was reasonable and competitive. It was not too far above the other products."

"The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."

"From my perspective, it is a budget-friendly option."

"The product is expensive, at least initially, in comparison to other products in this category."

"It is an expensive platform."

"We normally purchase an annual license."

More Qualys Web Application Scanning pricing and cost advice

"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."

"Its price is competitive. It is not expensive."

"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."

"The price of this product is very cheap."

"Rapid7 InsightAppSec is cheap."

"I'm not sure how much it costs exactly, but I know it's expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

851,604 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

14%

Manufacturing Company

10%

Government

Computer Software Company

17%

Financial Services Firm

15%

Manufacturing Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Qualys Web Application Scanning?

The vulnerability management feature is a strong one. And also the patch management feature.

See all answers

What is your experience regarding pricing and costs for Qualys Web Application Scanning?

I find it a bit expensive compared to other competitors.

See all answers

What needs improvement with Qualys Web Application Scanning?

I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus ( /products/tenable-nessus-reviews ). After using the product for a year, I might have more s...

See all answers

What do you like most about Rapid7 InsightAppSec?

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to p...

See all answers

What needs improvement with Rapid7 InsightAppSec?

Currently, I do not see any specific areas for improvement except for possibly lowering the price.

See all answers

What is your primary use case for Rapid7 InsightAppSec?

I use Rapid7 InsightAppSec ( /products/rapid7-insightappsec-reviews ) for dynamic application security testing. My main focus is on the quality of detection, specifically detecting vulnerabilities ...

See all answers

Comparisons

OWASP Zap vs Qualys Web Application Scanning

Compared 18% of the time

SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning

Compared 10% of the time

Veracode vs Qualys Web Application Scanning

Compared 9% of the time

Fortify WebInspect vs Qualys Web Application Scanning

Compared 7% of the time

ImmuniWeb vs Qualys Web Application Scanning

Compared 2% of the time

More Qualys Web Application Scanning Competitors

Rapid7 AppSpider vs Rapid7 InsightAppSec

Compared 30% of the time

PortSwigger Burp Suite Professional vs Rapid7 InsightAppSec

Compared 13% of the time

OWASP Zap vs Rapid7 InsightAppSec

Compared 12% of the time

Acunetix vs Rapid7 InsightAppSec

Compared 10% of the time

PortSwigger Burp Suite Enterprise Edition vs Rapid7 InsightAppSec

Compared 5% of the time

More Rapid7 InsightAppSec Competitors

Product Reports

Buyer's Guide

Qualys Web Application Scanning

March 2025

Download Qualys Web Application Scanning product report

Buyer's Guide

Rapid7 InsightAppSec

May 2025

Download Rapid7 InsightAppSec product report

Also Known As

Qualys WAS

InsightAppSec

Overview

Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.
DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.
Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.
Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.

Benefits of Qualys Web Application Scanning

Qualys Web Application Scanning offers many benefits, including:

Quick Deployment: Requires no infrastructure or software to upkeep.
Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.
Centralized Management: Manage and mend all web app vulnerabilities through a single interface.
Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.
Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.
Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

Reviews from Real Users

Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

Qualys

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Rapid7

Sample Customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Buyer's Guide

Qualys Web Application Scanning vs. Rapid7 InsightAppSec

May 2022

Free Report: Qualys Web Application Scanning vs. Rapid7 InsightAppSec

Find out what your peers are saying about Qualys Web Application Scanning vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.

DOWNLOAD NOW

851,604 professionals have used our research since 2012.

See our Qualys Web Application Scanning vs. Rapid7 InsightAppSec report.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.