Combination of Security Analysis Techniques Offers Most Complete and Accurate Assessment of Critical, Exploitable Application Vulnerabilities

Web Security : Combination of Security Analysis Techniques Offers Most Complete and Accurate Assessment of Critical, Exploitable Application Vulnerabilities

Posted by Max on 2006/10/9 9:42:14 (1902 reads)

Ounce Labs, the leader in software security assurance, today announced product integration that combines its product's source code security assessment results with findings from Cenzic? Hailstorm?, SPI Dynamics? WebInspect?, and Watchfire? AppScan?. Advancements in Ounce's open architecture enable customers now to import results directly from their existing penetration testing tools to achieve a higher level of insight into the security of their software.

"Penetration testing tools offer a valuable method of exposing vulnerable areas of a Web application through hacking techniques, but users typically want more detailed, code-level information to guide an effective risk management strategy," said Hugh Scandrett, president and CEO of Ounce Labs. "We addressed this need by extending the Ounce reporting structure so customers have the best of both worlds. With this integration, they can immediately improve their software vulnerability assessment and remediation efforts, leveraging both static and dynamic analysis in a single view."

According to Gartner Research's MarketScope for Web Application Security Vulnerability Scanners, 2006, "[The Web application security vulnerability scanning] market will likely converge with the source code security vulnerability scanning tool market, because together, the tools provide a more comprehensive security evaluation of applications."

In addition to Web applications, Ounce is able to analyze software throughout the organization, including legacy and back-end applications, providing a valuable complement to penetration testing tools, which can only analyze Web-facing systems. Unlike other source code analysis products, the Ounce solution goes beyond pinpointing simple coding errors to also identify security design flaws such as weak encryption, poor authentication, and lack of access control. With the inclusion of penetration testing results into Ounce's industry-leading breadth of static analysis, customers now get a complete picture of their application vulnerability and exploitability, which ultimately leads to more informed audit, security, and risk management decisions.

For more information on Ounce's integration with Web penetration testing tools, please send questions to integration@ouncelabs.com.

Previous article - Next article

Other articles
2010/3/18 8:07:31 - Panda Cloud Antivirus Receives ICSA Labs' First Cloud-Based Certification
2010/3/17 15:49:34 - Open-Source Email Security Taken To The Next Level at WebhostingDay
2010/3/17 15:18:40 - McAfee Warns ABout Scareware or Fake Antivirus Software
2010/3/2 5:22:13 - VeriSign and AVG Will Integrate VeriSign Trust(TM) Seal Within AVG LinkScanner(R)
2010/3/1 7:36:12 - New Stealth Software Protects P2P Users From Lawsuits by Copyright Holders
2010/2/24 13:55:16 - New State of The Art Firewall By Palo Alto Networks
2010/2/24 13:50:26 - Beware of Fake Antimalware Programs Like PCsProtector
2010/2/24 13:38:02 - New Registry Cleaner Guide Helps Your PC Perform Faster
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications

The comments are owned by the poster. We aren't responsible for their content.