We performed a comparison between PortSwigger Burp Suite Professional and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool provides complimentary services. It allows you to add a lot of extensions, and you can get extensions quite often. It is quite a flexible application."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The solution is quite helpful for session management and configuration."
"You can download different plugins if you don't have them in the standard edition."
"The most valuable feature is Burp Collaborator."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"The extension that it provides with the community version for the skills mapping is excellent."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"The vulnerability management feature is a strong one. And also the patch management feature."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"It is easy to use."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"The technical support team's response time is mostly delayed and should be improved."
"It would be good if the solution could give us more details about what exactly is defective."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"Scanning needs to be improved in enterprise and professional versions."
"Sometimes the solution can run a little slow."
"The scanner and crawler need to be improved."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"The virus code updates are not frequent enough."
"There should be better visibility into the application."
"The solution needs to adjust its pricing. They should make it more affordable."
"They should try to include business logic vulnerabilities in the scanner testing."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The support could be faster."
"The pricing does not seem to be competitive."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
More Qualys Web Application Scanning Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and SonarQube, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, Fortify WebInspect and Tenable.io Web Application Scanning. See our PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.