Today’s battle for a Webapp pentest tool bake-off winner ends today with a brief look at…

Qualys

• I like that it has a suite of vuln-scanning tools somewhat in the vein of Rapid 7’s family of products

• The Webapp scanner seems very functional, but interface is kind of cluttered and a little intimidating for newbs.

• I love their SSL Labs tool!

• The LAN-side version of their Webapp scanner is a downloadable VM rather than a package you can just install on a workstation machine.

• Pricing seems average-to-low in comparison with the other tools I evaluated (Appspider/Netsparker/Acunetix).

• I don’t really like the idea of partnering with a company that offers a Webapp scanning tool in a mix of other tools because I question what the support/service chain will be like and how quickly my issues will be attention. Netsparker, in contrast, only makes Netsparker, which I like.