The battle for a Webapp pentest tool bake-off winner ends today with a brief look at...

Qualys

  • I like that it has a suite of vuln-scanning tools somewhat in the vein of Rapid7's family of products.

  • The Webapp scanner seems very functional, but the interface is kind of cluttered and a little intimidating for newbs.

  • I love their SSL Labs tool!

  • The LAN-side version of their Webapp scanner is a downloadable VM rather than a package you can just install on a workstation machine.

  • Pricing seems average-to-low in comparison with the other tools I evaluated (AppSpider/Netsparker/Acunetix).

  • I don't really like the idea of partnering with a company that offers a Webapp scanning tool in a mix of other tools because I question what the support/service chain will be like and how quickly my issues will get attention. Netsparker, in contrast, only makes Netsparker, which I like.