April 01, 2008
From £1,100 for annual licence
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Good performance, many useful features, very detailed technical results
- Weaknesses: The Security Analyst user interface can feel over-crowded
- Verdict: A good addition to any software development lifecycle, providing solid value for the price
We found installation a bit challenging at times. Plug-ins are an option at the initial installation screen, but revisiting these options after the base installation was completed meant re-installing the entire product. Ounce installs on many Windows-based operating systems as well as Solaris and Red Hat. Support for different compilers is included, and plug-ins for RAD, Eclipse and Visual Studio are optional.
The main components are the Ounce Portfolio Manager, a web-based dashboard, and the Security Analyst, where most of the configuration and assessment work is performed. Because the product contains many different features and perspectives, the Security Analyst window may contain a large amount of information at any one time and often feels cluttered. The Security Analyst is based on three primary views that reflect configuration, triage and analysis respectively.
The product performed very well in our testing and found numerous vulnerabilities in our test source code. Once an assessment project is completed, the results can be pushed to the web-based dashboard for a more user-friendly view. From a design perspective, the two components appear very different, giving the overall solution a slightly lopsided feel when switching between the two.
Documentation is helpful, but we would have liked to see more screenshots. Help can also be launched only from within the application: the standalone PDF files had to be retrieved directly from the install folders and are not displayed in the Start menu for Windows installations.
Pricing for Ounce 5.0 is based on an annual licence of £1,100. Perpetual licences are available. Gold-level support is available for 20 per cent of the net product fee. The Ounce Labs support site does list a support phone number and hours of operation, but the searchable knowledge base only contained three entries at the time of testing.