PRODUCT OVERVIEW LITERATURE

Ounce Product Infosheet

Managing Software Risk: An Executive Call to Action

Frequently Asked Questions [FAQ]

Application Security Topics [FAQ]


MULTIMEDIA

Vulnerabilities in Spring Framework
Podcast | Webinar

Two leading researchers from the Ounce Labs Advanced Research Team discuss their recent documentation of two vulnerabilities in the commonly used Spring framework, which is used to create dynamic, robust, highly scalable Web applications in Java.

The Path to a Secure Application
Videocast

Ryan Berg, Chief Scientist for Ounce Labs, discusses the critical areas in source code that must be reviewed to find and eliminate the flaws that threaten private data.

PCI DSS 6.6 Requirements – Protect your Web Applications
Videocast

Three experts on PCI and application security address the latest updates to the PCI application security regulations, and how leading organizations are addressing them, according to a recent survey.

PCI 6.6 Clarification
Podcast

Jack Danahy, CTO and Founder of Ounce Labs, discusses the recent “clarification” of this critical PCI requirement, and how organizations should respond.

Holding Outsourcers Accountable
Podcast

Jack Danahy, the founder and Chief Technology Officer of Ounce Labs, discusses how to hold outsourcers accountable.

Outsourcing, an IT Dream or a Security Nightmare: a Talk With Ounce Labs
Podcast

Peter Schoof, Security Editor at eBizQ, talks with CTO Jack Danahy about
managing the security risks in outsourced software development.

Software Security Governance in the SDLC: A Practical Approach
Videocast

Anthony Gerkis of Accenture and Jack Danahy of Ounce Labs discuss best
practices to manage and measure security in the SDLC.

Eliminating Malicious Code at the Source
Podcast

Bruce Mayhew, Director, Advanced Security Research Group at Ounce Labs, discusses the latest techniques and tools to identify and eliminate malicious code in software.

Can Hackers Rock the Vote?
Podcast

Ryan Berg, Ounce Labs Chief Scientist, discusses the risks and concerns around e-voting.

Setting the Bar With PCI: What You Must Know About Application Security
Videocast

Dinis Cruz discusses “The Value of Code Scanning” for the SANS Institute.
Videocast

Application Flaws are a Lure for Hackers
Podcast

Jack Danahy, Ounce CTO, talks with Network World about the threat to
custom applications.
Network World

Redefining Software Security Audit
Podcast | Videocast

Dr. Hugh Thompson of People Security discusses the new standard for
identifying risks to data and operations.
SearchSecurity

WHITE PAPERS

Security Vulnerabilities in the Spring Framework Model View Controller:

Knowledge is Power:

Your software is trying to tell you something

The Right Tool for the Right Job

An Application Security Tools Report Card

Software Security Governance in the Development Lifecycle:

A Practical Guide from Accenture and Ounce Labs

PCI Compliance at the Source

Meeting the PCI Application Security Requirements: Building Compliance In

Redefining Software Security Audit

Uncover critical flaws, create efficient remediation workflow, and produce the right metrics for monitoring compliance

The Path to a Secure Application

A Source Code Security Review Checklist

Secure at the Source:

Implementing Source Code Vulnerability Testing in the Software Development Lifecycle

The Security Implications of Ajax and Web Services

Securing Web Services and Ajax is about more than just securing the client.

Payment Card Industry (PCI) Data Security Standard and the Need for Software Assurance

Opening the Black Box

A Source Code Security Analysis Case Study

Software Security Assurance:

A Framework for Software Vulnerability Management and Audit

Managing the Risk of Identity Theft:

The Need for Software Security Assurance

The Dirty Dozen:

The Top Web Application Vulnerabilities and How to Hunt Them Down at the Source

Weapons for the Hunt:

Methods for Software Risk Assessment

Security in Numbers:

Source Code Vulnerability Analysis and the Need for Metrics

Trust, But Verify:

How to Manage Risk in Outsourced Applications

COMPLIANCE BULLETINS

Software Security Assurance

Compliance Guide for Commercial Organizations

Software Security Assurance

Compliance Guide for Financial Services

Software Security Assurance

Compliance Guide for Federal Agencies

INDUSTRY SPOTLIGHTS

Security That Counts:

The Need for Secure Software For Financial Service Providers

Taking Care:

The Need for Secure Software in Healthcare

Securing the Public Sector:

The Need for Secure Software for Government Agencies

SOFTWARE RISK ANALYSIS NEWSLETTER

A monthly publication from Ounce Labs