Ounce Labs 5.0

Product Info
Supplier:
Product Rating
Features:  5
Ease of Use:  4
Performance:  5
Documentation:  4
Support:  4
Value for Money:  5
Overall Rating:  Overall Rating
 
For: Good performance, many useful features, very detailed technical results
Against: The Security Analyst user interface can feel over-crowded
Verdict: A good addition to any software development lifecycle and providing solid value for the price
By Nathan Ouellette
Apr 28, 2008 12:16 PM | 2 Comments
Tags: OUNCE | 5.0
Ounce Labs 5.0 is a static source code analysis solution based primarily on two separate components. The application approaches application vulnerability assessment by statically analysing source code and supports many different languages, including C/C++, Java/JSP, .NET (C#, VB.NET, ASP.NET), Classic ASP (VB and JavaScript) and Visual Basic.

We found installation a bit challenging at times. Plug-ins are an option at the initial installation screen, but revisiting these options after the base installation was completed meant re-installing the entire product. Ounce installs on many Windows-based operating systems as well as Solaris and Red Hat. Support for different compilers is included, and plug-ins for RAD, Eclipse and Visual Studio are optional.

The main components are the Ounce Portfolio Manager, a web-based dashboard, and the Security Analyst, where most of the configuration and assessment work is performed. Because the product contains many different features and perspectives, the Security Analyst window may contain a large amount of information at any one time and often feels cluttered. It is based on three primary views that reflect configuration, triage and analysis respectively.

The product performed very well in our testing and found numerous vulnerabilities in our test source code. Once an assessment project is completed, the results can be pushed to its web-based dashboard for a more user-friendly view. From a design perspective, the two components appear very different, giving the overall solution a slightly lopsided feel when switching between the two.

Documentation is helpful, but we would have liked to see more screenshots. Help can also only be launched from within the application: standalone PDF files had to be retrieved directly from the install folders and are not listed in the Start menu for Windows installations.

Pricing for Ounce Labs 5.0 is based on an annual license. Cost is US$1,500. Perpetual licenses are available for US$2,750. Gold level support is available for 20 percent of the net product fee.

The Ounce Labs support site does list a support phone number and hours of operation, but the searchable knowledge base only contained three entries at the time of testing.

 
Comments: 2
I have continually contacted ouncelabs to evaluate their software and I must say, they do not have a very broad vision where marketing their product is concerned. Fortify are a much more approachable group and have not hesitated to work with us even though we are internationally based.
Posted by Nadim | Jun 30, 2009 4:55 PM
Hi Nadim, I'm the chief marketing officer at Ounce Labs, and I disagree with your statement. Our relationships with both customers and those interested in becoming part of our Ounce Community are hallmarks of Ounce's success - including those that are internationally-based. Feel free to contact me directly, and I'll be happy to share Ounce's marketing vision with you, and explain exactly why Ounce - while somewhat smaller than Fortify - is positioned in the Leaders' quadrant of Gartner's application security Magic Quadrant for our completeness of vision and ability to execute, and has also been named a Champion by Bloor. Sincerely, Jennifer Sullivan (js@ouncelabs.com)
Posted by Jennifer Sullivan | Jun 30, 2009 11:56 PM