Reviews (1-2 of 2)
December 20, 2019
Score 8 out of 10
Our Qualys Web Application Scanning (WAS) is being used to scan all our internal and external-facing websites. The Qualys Web Application Scanning (WAS) helps us to identify, report and remediate vulnerabilities in our web applications (which are the most common entry point for hackers), improving our security posture and reducing the risk of a cyber attack.
- Excellent coverage in terms of vulnerabilities. From SQL injections to buffer overflows.
- It is integrated with the Qualys Cloud Platform, which is our company-wide vulnerability management solution.
- The initial setup of a new web application is a little bit complicated (but once it is set up, it works perfectly).
- It may trigger all your detection tools and generate false-positive incidents (as any vulnerability scanner).
Read this authenticated review
A Web Application vulnerability manager should never replace a proper penetration testing. However, Qualys Web Application Scanning (WAS) is suitable for periodic scans so that you can keep track of vulnerabilities in your environment. I find the Qualys Web Application Scanning (WAS) especially useful when you have canned web solutions (such as WordPress or Joomla) since you can easily detect missing patches and vulnerabilities.
Score 9 out of 10
Qualysguard Web Applications Scanning is a great jumping off point for companies who wish to know any vulnerabilities and/or misconfigurations in their web site or environment. I find it is very cost effective and an asset even in the development phase.
- Discovering simple to fix vulnerabilities like cross-site scripting or SQL injection are a breeze using Qualys WAS.
- Since it is cloud based running the tests from anywhere is a great feature.
- Qualys WAS is very cost effective. Having the tests automated lets you get a jump on the fixes without having to manually test each and every application manually.
- Sometimes support can be a bit slow off the mark but in general it is good.
- The scans can take longer than anticipated.
- The reports can take a lot of customizing.
Read Larry Sullivan's full review
If you are a company with limited resources and are looking for a reasonable solution for your WAS security needs then I highly recommend Qualys WAS. It is a great tool for quick and one-off testing of web applications.
Qualys WAS Scorecard Summary
About Qualys WAS
Qualys Web Application Scanning (WAS) (formerly QualysGuard WAS), from Qualys headquartered in Redwood City, California, scans web apps for security threats.
Categories: Application Security
Qualys WAS Technical Details