Combination of Security Analysis Techniques Offers Most Complete and Accurate Assessment of Critical, Exploitable Application Vulnerabilities

Web Security : Combination of Security Analysis Techniques Offers Most Complete and Accurate Assessment of Critical, Exploitable Application Vulnerabilities

Posted by Max on 2006/10/9 9:42:14 (956 reads)

Ounce Labs, the leader in software security assurance, today announced product integration that combines its product's source code security assessment results with findings from Cenzic? Hailstorm?, SPI Dynamics? WebInspect?, and Watchfire? AppScan?. Advancements in Ounce's open architecture enable customers now to import results directly from their existing penetration testing tools to achieve a higher level of insight into the security of their software.

"Penetration testing tools offer a valuable method of exposing vulnerable areas of a Web application through hacking techniques, but users typically want more detailed, code-level information to guide an effective risk management strategy," said Hugh Scandrett, president and CEO of Ounce Labs. "We addressed this need by extending the Ounce reporting structure so customers have the best of both worlds. With this integration, they can immediately improve their software vulnerability assessment and remediation efforts, leveraging both static and dynamic analysis in a single view."

According to Gartner Research's MarketScope for Web Application Security Vulnerability Scanners, 2006, "[The Web application security vulnerability scanning] market will likely converge with the source code security vulnerability scanning tool market, because together, the tools provide a more comprehensive security evaluation of applications."

In addition to Web applications, Ounce is able to analyze software throughout the organization, including legacy and back-end applications, providing a valuable complement to penetration testing tools, which can only analyze Web-facing systems. Unlike other source code analysis products, the Ounce solution goes beyond pinpointing simple coding errors to also identify security design flaws such as weak encryption, poor authentication, and lack of access control. With the inclusion of penetration testing results into Ounce's industry-leading breadth of static analysis, customers now get a complete picture of their application vulnerability and exploitability, which ultimately leads to more informed audit, security, and risk management decisions.

For more information on Ounce's integration with Web penetration testing tools, please send questions to integration@ouncelabs.com.

Previous article - Next article

Other articles
2008/8/13 16:42:03 - 10 Million Zombies Are Spreading Spam and Malware Every Day
2008/8/11 9:03:35 - Nearly $8.5 Billion Lost by US Consumers because of Online Threats
2008/8/8 6:35:36 - EDS' Eight Tips for Consumers to Protect Themselves from Identity Theft
2008/8/4 11:16:32 - NovaShield, Inc. Launches NovaShield AntiMalware Version 2.0 With 90-Day Free Trial
2008/8/3 4:35:31 - Full P2P Anonymity using Torrent Privacy

The comments are owned by the poster. We aren't responsible for their content.