For: Good performance, many useful features, very detailed technical results
Against: The Security Analyst user interface can feel over-crowded
Verdict: A good addition to any software development lifecycle that provides solid value for the price

We found installation a bit challenging at times. Plug-ins are an option at the initial installation screen, but revisiting these options after the base installation was completed meant re-installing the entire product. Ounce installs on many Windows-based operating systems as well as Solaris and Red Hat. Support for different compilers is included, and plug-ins for RAD, Eclipse and Visual Studio are optional.
The main components are the Ounce Portfolio Manager, a web-based dashboard, and the Security Analyst, where most of the configuration and assessment work is performed. Because the product contains many different features and perspectives, the Security Analyst window may contain a large amount of information at any one time and often feels cluttered. It is based on three primary views that reflect configuration, triage and analysis respectively.
The product performed very well in our testing and found numerous vulnerabilities in our test source code. Once an assessment project is completed, the results can be pushed to its web-based dashboard for a more user-friendly view. From a design perspective, the two components appear very different, giving the overall solution a slightly lopsided feel when switching between the two.
Documentation is helpful, but we would have liked to see more screenshots. Help can also only be launched from within the application: the standalone PDF files had to be retrieved directly from the install folders and are not displayed in the Start menu for Windows installations.
Pricing for Ounce Labs 5.0 is based on an annual license. Cost is US$1,500. Perpetual licenses are available for US$2,750. Gold level support is available for 20 percent of the net product fee.
The Ounce Labs support site does list a support phone number and hours of operation, but the searchable knowledge base contained only three entries at the time of testing.