SOURCE: Ounce Labs

October 09, 2006 07:59 ET

Ounce Labs Achieves Product Integration With Leading Penetration Testing Solutions

Combination of Security Analysis Techniques Offers Most Complete and Accurate Assessment of Critical, Exploitable Application Vulnerabilities

WALTHAM, MA -- (MARKET WIRE) -- October 9, 2006 -- Ounce Labs, the leader in software security assurance, today announced product integration that combines its product's source code security assessment results with findings from Cenzic® Hailstorm®, SPI Dynamics™ WebInspect™, and Watchfire® AppScan®. Advancements in Ounce's open architecture enable customers now to import results directly from their existing penetration testing tools to achieve a higher level of insight into the security of their software.

"Penetration testing tools offer a valuable method of exposing vulnerable areas of a Web application through hacking techniques, but users typically want more detailed, code-level information to guide an effective risk management strategy," said Hugh Scandrett, president and CEO of Ounce Labs. "We addressed this need by extending the Ounce reporting structure so customers have the best of both worlds. With this integration, they can immediately improve their software vulnerability assessment and remediation efforts, leveraging both static and dynamic analysis in a single view."

According to Gartner Research's MarketScope for Web Application Security Vulnerability Scanners, 2006, "[The Web application security vulnerability scanning] market will likely converge with the source code security vulnerability scanning tool market, because together, the tools provide a more comprehensive security evaluation of applications."

In addition to Web applications, Ounce is able to analyze software throughout the organization, including legacy and back-end applications, providing a valuable complement to penetration testing tools, which can only analyze Web-facing systems. Unlike other source code analysis products, the Ounce solution goes beyond pinpointing simple coding errors to also identify security design flaws such as weak encryption, poor authentication, and lack of access control. With the inclusion of penetration testing results into Ounce's industry-leading breadth of static analysis, customers now get a complete picture of their application vulnerability and exploitability, which ultimately leads to more informed audit, security, and risk management decisions.

For more information on Ounce's integration with Web penetration testing tools, please send questions to

About Ounce Labs, Inc.

Ounce Labs™, the leader in software security assurance, delivers products that enable customers to manage software risk in applications across the enterprise, traceable down to individual lines of code. The Ounce solution features patents-pending analysis technology, which scans source code to pinpoint programming errors, design flaws, and policy violations. Ounce offers the most accurate and complete analysis, the fastest time-to-value, the only complete portfolio management, and the greatest deployment flexibility. Customers include leading organizations in financial services, telecommunications, software development, government, and other industries focused on protecting data, reducing software vulnerabilities, and complying with industry regulations. Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit

Cenzic and Hailstorm are registered trademarks of Cenzic, Inc. SPI Dynamics and WebInspect are trademarks of S.P.I. Dynamics Incorporated. Watchfire and AppScan are registered trademarks of Watchfire Corporation. All other products and company names mentioned herein are trademarks or registered trademarks of their respective owners.

Contact Information

    Chris McClean
    Ounce Labs
    781.547.7031 (o)
    617.571.8945 (m)
    Email Contact