
Product Details

Ounce 4

This Product Review is in the following Category:
Security Management, Assessment, Incident Response

This Product Review is in the following Sub-category:
Penetration Testing, Vulnerability Assessment, Risk Assessment

Version:
Vendor: Ounce Labs
Website: www.ouncelabs.com
Price: £750 per seat for annual licence; £1,350 per seat for perpetual licence
Date: 1-Aug-07
Author: Justin Peltier

The Ounce Labs offering is a software-based solution, which is actually a CASE (computer-aided software engineering) utility. Ounce 4 works by reviewing the code of any application for security vulnerabilities before the code is posted to a development or production server. This type of utility is routinely mentioned in the PCI-DSS compliance document and should be included in any organization’s system development life cycle.

The utility ships with a demo data CD that allows the tester to review non-production code to get a feel for the application and its function. This feature was well received in the lab and gave testers a stronger understanding of the product before evaluating production data. The dashboard for the application was straightforward to use, with panes logically laid out. The utility can compare sets of code and show the differences, triage coding errors, and repair an error and scan again. Results can be published to a web server or reports can be generated.

The installation of Ounce 4 was as straightforward as possible. A few clicks of "next" and a quick browse to the license file, and the installation work was finished. The install did take some time to complete because of the large amount of data being installed. Helper applications and language kits were installed behind the scenes, transparently to the user installing the product.

Ounce 4 arrived with a guide for the initial installation and use of the product in hard copy. Several PDF documents accompany the installation files on the install CD. The PDF files are indexed and searchable to make finding whatever is needed faster.

Support is offered through phone and a detailed web portal, which allows for the opening of tickets, feature requests and a knowledge base. Phone support is offered during business hours.

The pricing for Ounce 4 starts at $1,500 for an annual license, and $2,750 for a perpetual license. This prices Ounce 4 at the low end of the price spectrum.


This product is in the following Group Test

Application vulnerability assessment 2007 - SC recommended

Product Rating

Features

*****

Ease of Use

*****

Performance

*****

Documentation

*****

Support

*****

Value for Money

*****

Overall Rating

*****

For: Reviews code for security vulnerabilities.

Against: Designed more for programmers than security personnel because of difficulty in running the product.

Verdict: For any organization that uses a System Development Life Cycle (SDLC), this product should be a welcome addition.