Effective and efficient vulnerability remediation requires that organizations be able to quickly identify real, exploitable vulnerabilities. Ounce has long been a leader in providing the level of accuracy and insight required to focus on critical confirmed vulnerabilities. To enhance this capability, Ounce Labs has announced product integration that combines its product’s source code assessment results with findings from Cenzic® Hailstorm®, SPI Dynamics™ WebInspect™, and Watchfire® AppScan®. Customers are now able to import results directly from their existing penetration testing tools to achieve a higher level of insight into the security of their software.

Penetration testing tools dynamically simulate hack attacks to identify vulnerabilities in a Web application, uncovering insecure access points into the application and highlighting areas to secure. However, many organizations demand both static and dynamic analysis of their software, requiring a more complete picture of their application vulnerability and exploitability.

Unlike other source code analysis products, the Ounce solution goes beyond pinpointing simple coding errors to also identify security design flaws such as weak encryption, poor authentication, and lack of access control. With the inclusion of penetration testing results in the Ounce analysis, customers now get a complete picture of their application vulnerability and exploitability from a single report, ultimately leading to more informed audit, security, and risk management decisions.
