SANTA CLARA, CALIF. — April 29, 2002 - Sanctum, Inc., the established leader in Web application security software, today announced AppScan 3.0™, the next generation of Sanctum's Web application security assessment tool. Web site application complexity is increasing with the explosion of new code from in-house and 3rd party applications driving new unique application vulnerabilities. AppScan 3.0, a 'site smart' application risk assessment solution, precisely targets application specific attacks and delivers the most accurate and comprehensive recommendations in the market today for fixing both known and unknown application vulnerabilities. With AppScan, users can shift their focus from merely detecting breaches to the more critical task of resolving security vulnerabilities.

"Providing paychecks to over 30 million workers worldwide requires a mix of various technologies including a number of Internet products. With a passion to provide secure products to our clients, ADP's Employer Services division has committed that Web application security is the highest level of priority across our application lifecycle," said Joe Adornetto, vice president of Technology Security, Automatic Data Processing, Inc. "Sanctum's AppScan 3.0 is an integral component of our Internet security process and commitment. Easy to use and customizable, AppScan delivers accurate and actionable results that empower our security professionals working with the software development community to efficiently detect and correct vulnerabilities early in the development cycle and well before introduction of our products into production."

AppScan 3.0 represents a major leap forward in portability, compatibility and performance. As a standalone application running on Microsoft Windows 2000, AppScan 3.0 is compatible in any IT environment. AppScan can automatically explore an entire site unassisted, or the user can configure it to narrow the scope or the depth of the scan and execute the audit in either automatic or manual mode. AppScan explores both 3rd party and custom applications for common Web vulnerabilities and application-specific vulnerabilities a hacker would be searching for, such as SQL injection, cross site scripting and parameter tampering. Finally, AppScan 3.0 provides the user with detailed audit and executive level reports that provide 'fix advisories' for each vulnerability found. The result is the most accurate and comprehensive application risk assessment tool in the market today.

"Secure programming of Web applications has become a high priority for most enterprises, and will be increasingly critical as Web Services roll out," said John Pescatore, VP for Internet Security at Gartner, Inc. "The complexity of Web applications and the continuing demand for frequent changes and enhancements to online applications mean developers will never produce safe code without sophisticated and automated security assessment tools."

AppScan 3.0 New Features Include:

• Intuitive Navigation and Setup—session maps and contextual help tips provide step-by step guidance through set-up and execution.
• Intelligent Scan Modeling and Management—new features in all stages of the scanning process, including collaborative scan utilities allowing users to distribute work based on skills, time and resources; customized scan types making set-up simple and fast; expert system validation mechanism for higher accuracy on application specific attacks such as SQL injection and cross site scripting; interactive results display panel allowing for detailed drill-down on results for detailed advisories and trusted results.
• Platform and Compatibility—Windows 2000 platform and user interface delivers a portable, fully integrated solution that can be easily adapted into any developer or QA/Auditor environment.
• Accuracy and Performance—providing trusted results with less than 1% false positives, AppScan improves audit efficiency by over 500% compared to manual audits.

"With mission critical information becoming Web-enabled, and the power of automatic attack engines used by hackers growing rapidly, the probability of being attacked through a hole or programming bug is 100%. Addressing this at the last stage of the development cycle-deployment, is expensive and time consuming," said Milan Thanawala, senior director, Product Management at Sanctum, Inc. "Sanctum's AppScan 3.0 provides highly accurate and actionable information that drives enormous returns to organizations in the form of cost savings, reliable operations and strong customer relationships."

Availability
AppScan 3.0 is available immediately.

About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity—from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement—even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.

For Immediate Release
Contact:

Annie Kim or Tara Dugan
Schwartz Communications, Inc.
(415) 512-0770
[email protected]