Ounce integrated with pen testing tools
Ounce Labs has announced that its product's source code security assessment results can be combined with findings from Cenzic Hailstorm, SPI Dynamics WebInspect and Watchfire AppScan.
Thanks to advancements in Ounce's open architecture, customers can now import results directly from their existing penetration testing tools to gain greater insight into the security of their software.
"Penetration testing tools offer a valuable method of exposing vulnerable areas of a Web application through hacking techniques, but users typically want more detailed, code-level information to guide an effective risk management strategy," said Hugh Scandrett, president and CEO of Ounce Labs. "We addressed this need by extending the Ounce reporting structure so customers have the best of both worlds. With this integration, they can immediately improve their software vulnerability assessment and remediation efforts, leveraging both static and dynamic analysis in a single view."
In addition to Web applications, Ounce is able to analyse software throughout the organisation, including legacy and back-end applications. Unlike other source code analysis products, the Ounce solution goes beyond pinpointing simple coding errors to also identify security design flaws such as weak encryption, poor authentication and lack of access control.
For more information on Ounce's integration with Web penetration testing tools, send questions to firstname.lastname@example.org.
Cenzic, Ounce Labs partner
Cenzic and Ounce Labs announced the integration of Ounce and Cenzic Hailstorm. The combination will help companies accurately pinpoint exploitable vulnerabilities at the line of code.
Customers using both Ounce and Hailstorm will be able to accurately identify exploitable application vulnerabilities and trace each one directly to the flawed line of code for remediation. This level of analysis enables users to immediately identify their most critical and exploitable software flaws, investigate them in full detail, and take appropriate steps for remediation.
"Comprehensive and actionable analysis of software vulnerabilities is extremely important to our customers, and integrating with Cenzic's powerful analysis helps us continue to meet this need," said Hugh Scandrett, president and CEO of Ounce Labs. "As targeted attacks on web applications grow in frequency and severity, this integrated approach is the most efficient, effective way to reduce exposure and ensure data privacy and integrity."
The companies have also agreed to partner on joint marketing and reselling of each other's products.