Qualys Web Application Scanning Reviews

With our vulnerabilities under control, it puts our services in compliance and minimizes our risk for exposure.

The vulnerability scanning and patching features are the most valuable parts of the solution.

The solution needs to adjust its pricing. They should make it more affordable.

The solution is stable.

The cloud service makes the solution very scalable. We have about ten users right now, however we don't intend to increase usage at this time.

Technical support is excellent. I would rate it ten out of ten.

We've never used a different solution.

The initial setup was straightforward. Deployment took about two weeks.

Our internal team handled the implementation.

We did not evaluate other options before choosing Qualys.

We are using the cloud deployment model.

I would recommend other users to use Qualys Application Scanning for application security. If you're serious about security you need a service or a solution that does continuous scanning of your application and infrastructure. There are always vulnerabilities being introduced.

I would rate the solution eight out of ten.

There is nothing out of the box in the Qualys web application scanning module. One good thing is that it reports fewer false positives.

We use many other products along with Qualys. In a way, Qualys dashboards are good to keep track of vulnerabilities found asset-wise.

The tool should have a live HTTP editor and more configuration options for some situations, such as handling applications that have URL rewriting enabled.

The tool should have more mature APIs for integration and automation. They should provide more flexible APIs to download reports.

I have been using it for almost four years now.

Qualys is good, stability-wise.

Qualys is perfect, scalability-wise.

On a scale of 1-5 with 5 being the highest, I would rate technical support at 3.

I have used Nessus, Burp Suite, and IBM AppScan. Cost- and functionality-wise, I find Burp Suite the best of them all. AppScan is good, but very expensive and reports more false positives.

Setup is straightforward.

Licensing could be cheaper. It is expensive at present.

Qualys is only a good product for in-house vulnerability management programs. It is not feasible to use Qualys for client-facing consulting engagements because of the cost.

We have a lot of applications in our environment that we need to scan frequently. We have a lot of tutorial sites, e-learning sites, and other related websites which we have to build, maintain, and scan continuously for security purposes.

It definitely helps us with the remediation process as we can create different reports, whatever is required at the time. 

• It's cloud-based so the installation is not so tedious.
• Easily deployed.
• Highly scalable.
• Comprehensive reporting.

Also, you can integrate your Burp Suite results and create an integrated report. 

The way it shows the results - threats and exploit details - makes remediation very easy.

We have seen very few false positives. We found the documentation very useful, particularly the roll-out guide. While the tool is not hard to use, by dividing the documentation into sections, the company provided specific guidance on use cases that are not necessarily limited to the tool itself.

The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes. 

Also, occasionally it can't even authenticate to basic web forms.

Qualys offers one excellent support, which includes 24/7 phone and mail support, as well as access to its online user community.

It protects against zero-day vulnerabilities, like Heartbleed.

It's missing some zero-day patches.

I've used it for a few months.

No issues encountered.

No issues encountered.

No issues encountered.

It's high.

It's high.

I used Rapid7 NeXpose in another shop.

The product was already installed when I got there, I just added more scanning jobs and used the reports for remediation, etc.

I evaluated and selected Rapid7 NeXpose in a previous job (over QualysGuard) because the compliance department there vetoed using “an external service”. Also, we wanted to get Metasploit later.

Cloud hosted application, and was also accessible through mobile app.

Dynamic features for pen testing automation, with manual.

Network scanner has good reporting, coverage was also good. In Web scanner, dashboard was good but features were limited.

Please add manual penetration testing features. 

Also I didn't like the license terms and the features were limited compared to other tools used for web applications.

WAS and being able to integrate Selenium IDE to automate the login process was most helpful.

Scheduling feature allows to scan on the weekends and holidays in a planned way.

Enhancing the capability to find XSS.

I've used it for six months.

No issues encountered.

No issues encountered.

No issues encountered.

I've never had the chance to interact.

I've never had the chance to interact.

This would depend on the clients' requirements.

It's straightforward. In fact, it's one of the easiest solutions to implement.

We used a vendor team who had good expertise.

I would recommend this tool. Simply, go for it. The video tutorials would give an insight on the simplicity and effectiveness of the product.