We performed a comparison between PortSwigger Burp Suite Professional and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution scans web applications and supports APIs, which are the main features I really like."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"It helps in API testing, where manual intervention was previously necessary for each payload."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"The vulnerability management feature is a strong one. And also the patch management feature."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"The product prevents possible vulnerabilities in our network."
"It is easy to use."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"Improvement should be done as per the requirements of customers."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"In the Professional version, we cannot link it with the CI/CD process."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"The support could be faster."
"Deployment can be complicated."
"The software’s pricing could be improved."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"It should have better automatic reporting."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
More Qualys Web Application Scanning Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and SonarQube, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, Fortify WebInspect and Tenable.io Web Application Scanning. See our PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.