This product is a simple install, but that is about all on the simplicity side. It took us just a few minutes to get the product up and running. However, the application console is a little tricky to navigate. It has tabs labeled configuration, triage and analysis. Triage holds the analysis and findings of the scan, which is not the usual use of the term; it normally refers to a step in incident response. Wouldn't that be analysis? No. Analysis is where the code can be analyzed and repaired. It took us some time to get the feel of this application, but when we did we found that it does have some serious power.
This product includes many tools to help remedy poorly written or vulnerable code: the SlickEdit tool to help edit problem code; the remediation assistance view, which links to a knowledge base for further explanation of vulnerabilities; and the SmartTrace view, which helps the user see the data flows. All of these tools make it easier to manage various code problems.
The only documentation we received with this product was a PDF evaluation guide. This outlined how to get the tool set up, and provided a brief overview of the product features. The guide also included many screenshots and step-by-step instructions, but these were, at best, only of overview value.
Ounce Labs provides full-feature support as part of an annual support license fee. This offers technical support options, such as phone and email support, software updates and access to the online support portal. There is also a user forum available on the website at no cost.
At a price of $30,000 before annual support fees, we find this product to be an average value for the money. While we find that it does have some serious power for finding and editing problem code, we also find that it is a little difficult to use. It may require some training to get the most out of this product.