Ounce Labs 5.0

Ounce Labs 5.0 is a static source code analysis solution based primarily on two separate components. The application approaches application vulnerability assessment by statically analyzing source code and supports many different languages, including C/C++, Java/JSP, .NET (C#, VB.NET, ASP.NET), Classic ASP (VB and JavaScript) and Visual Basic.

We found that installation of the product was a bit challenging at times. Plug-ins are an option at the initial installation screen, but revisiting these options after the base installation was completed prompted for a re-installation of the entire product. This proved to be time-consuming and unnecessary. The product installs on many Windows-based operating systems, as well as Solaris and Red Hat. Support for many different compilers is included, and plug-ins for RAD, Eclipse and Visual Studio are optional.

From an administrator perspective, the installed components consist primarily of the Ounce Portfolio Manager, which is a web-based dashboard, and the Ounce Security Analyst, which is where most of the configuration and assessment work is performed. Because the product contains many different features and perspectives, the Security Analyst window may contain a large amount of information at one time and often feels cluttered. It is based on three primary views that reflect configuration, triage and analysis, respectively. In our testing, the product performed very well and found numerous vulnerabilities in our test source code. Once an assessment project is completed, the results can be pushed to its web-based dashboard for a more user-friendly dashboard view. From a design perspective, the two components appear very different, giving the overall solution a bit of a lopsided feel when switching between the two.

Documentation is helpful, but we would have liked to see more screenshots. Help can also only be launched from within the application; standalone PDF files had to be retrieved directly from the install folders and are not displayed in the Start Menu for Windows installations.

Pricing for Ounce Labs 5.0 is based on an annual license. Cost is $1,500. Perpetual licenses are available for $2,750. Gold level support is available for 20 percent of the net product fee. The Ounce Labs support site does list a support phone number and hours of operation, but the searchable knowledge base only contained three entries at the time of testing.

Product title: Ounce Labs 5.0

Product info
Name: Ounce
Description:
Price: $1,500

Strength: Good performance with many useful features. Very detailed technical results.

Weakness: The Security Analyst user interface can feel overcrowded at times depending on which perspective you are using to view the information.

Verdict: A good addition to any software development lifecycle and a solid value for the price.
