One overlooked application vulnerability could lead to cyber-criminal access to customer data and other confidential...
In an effort to prevent such exploits, Ounce Labs has released Ounce 5.0. This version adds enterprise-focused features designed to support critical business issues, including compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the OWASP Top 10 2007, as well as mapping of findings to the Common Weakness Enumeration (CWE) vulnerability database.
These updates enable companies to reduce the potential for security breaches by identifying, prioritizing and providing for remediation of application vulnerabilities across an entire software portfolio, said Jack Danahy, chief technical officer and founder of Ounce Labs.
With SmartAudit, companies can receive customized reports recast for PCI and OWASP compliance. They receive information on access control, network communications, malicious code in applications, input validation, cryptography and database use.
And with SmartTrace, a free developer remediation plug-in, when a vulnerability is found, the developers receive all the information about that vulnerability so it can be repaired. The tool can show developers where the vulnerable code is, how much of a priority it is to fix, notes and advice from the security analyst, and remediation advice and examples for how to fix the code.
Ounce 5 meets the needs of developers, auditors and analysts alike, Danahy said.
"It allows anyone to understand the output. It isn't written for just developers, so any security analyst can make sense of it and can describe what the issue is inside the source code. Plus it gives developers guidance on what to fix first," he said. "This product tries to unite those two groups."
Other new Ounce 5.0 features include LDAP support for organizations that use Microsoft Active Directory Server to authenticate users accessing application development environments. This latest release also includes increased support for Java Struts and Microsoft .NET 2.0. Ounce 5.0 can also generate Ounce reports as Portable Document Format (PDF) files, which can be shared with application security stakeholders who don't require access to an Ounce environment.