Qualys Web Application Scanning (WAS) has been named a leader in the GigaOm Radar Report for Application Security Testing, 2023. Web app security is critical for every organization because attacks on this vector caused 25% of breaches, according to the Verizon 2023 Data Breach Investigations Report. The new GigaOm Radar frames the technical capabilities for web app security and describes how Qualys Web Application Scanning (WAS) is a leader among 15 competing solutions. This blog provides a brief summary of the GigaOm Radar’s findings.
What GigaOm Says About Qualys WAS
The intent of the GigaOm Radar report, written by Don McVittie, Research Analyst, is to equip IT decision-makers with comparative information needed to select an application security testing solution with the best fit for their business and use case requirements. We suggest you download the report for all the details. Some of the report’s highlights about Qualys WAS are:
Superior threat analysis – “The number of vulnerability feeds that Qualys includes is rarely, if ever, matched by the other vendors in this market. The more you know what to look for, the more secure the application is. The expansiveness of the offering, combined with its architecture and presentation being unified, makes this product a good choice for security simplification projects.”
Central, unified solution – “Qualys’ other major strength is its all-in-one approach to application security. The wide selection of test tools available from Qualys all share a single dataset. The knowledge that the source composition analysis scan showed an application does not use a given library can inform other tools that this application is not vulnerable to flaws known to exist in that library.
The same is true in reverse, with the knowledge that a given application uses a particular—and suspicious—module, framework, or library spawning extra scans. This capability contributed to Qualys’ top score in results filtering and was the primary driver behind its top score in breadth of coverage.”
“Qualys API security testing is on par for this market space. Qualys has even more functionality in the pipeline.”
“Qualys has offerings that go beyond application security testing, though with solid functionality in this area.”
GigaOm Radar for Application Security Testing
The GigaOm Radar below plots the positions of all the vendors in the Report based on critical technical capabilities and features that support the needs of modern web application testing. Vendors in the concentric ring closest to the center are judged to be of higher overall value. The arrow projects each solution’s evolution over the next 12 to 18 months.
Note the projection for Qualys WAS: aiming close and straight for the center bullseye!
AppSec Testing Criteria and Metrics in GigaOm Radar
GigaOm’s comparative analysis of Qualys and its competitors used three major categories. These were:
- Key criteria differentiate solutions based on features and capabilities, which are the primary considerations for evaluating an application security testing solution. Qualys was rated “Exceptional” and “Capable” across these key criteria. In this report, Exceptional stands for outstanding focus and execution. Capable stands for good but with room for improvement.
  - CVE Feeds – Exceptional
  - Mobile App Security Support
  - API Security Support – Capable
  - Integrations – Exceptional
  - Results Filtering – Exceptional
  - Traditional App Support – Capable
  - Security Services – Capable
- Evaluation metrics provide insight into the non-functional requirements in a purchase decision and determine a solution’s impact on an organization. Qualys was rated “Exceptional” and “Capable” across these evaluation metrics.
  - Flexibility – Exceptional
  - Scalability – Capable
  - Breadth of Coverage – Exceptional
  - Automation Enablement – Exceptional
- Emerging technologies show how well each vendor takes advantage of technologies that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months. Qualys was rated “Capable” across these key criteria.
  - Data Security Support – Capable
  - IaC Security Support – Capable
Why Customers Choose Qualys WAS
4000+ global customers across market segments – large, SMB, SME, federal, and state/county – trust Qualys WAS to scan thousands of web apps every day. Here are a few use cases:
- Comprehensive Vulnerability Discovery: Discover internal, external, and previously unknown web assets and forgotten web applications exposed to the internet.
- Protect business name and reputation while preventing financial loss due to malware data theft.
- PII Collection and Exposure Detection: Prevent financial loss due to PII data theft and fines.
- With customized pass/fail criteria for builds, developer teams can be sure their applications deploy without software vulnerabilities.
- 3rd Party Vulnerability Consolidation: Import vulnerabilities from 3rd-party manual penetration tests alongside WAS detections for a comprehensive view of web application security.
- Leveraging ticketing automation allows remediation to start as soon as the scan completes, reducing MTTR.
- Runtime vulnerabilities in REST and SOAP APIs are identified before attackers can exploit them.
Get the GigaOm Report Today!
We invite you to get all the details in the GigaOm Radar and learn why Qualys WAS is a leader amongst 14 other vendors.
Download the GigaOm Radar, Read Its Insights, and Take Action!