Santa Clara, CALIF. — August 25, 2003 - Sanctum, Inc., the established leader in Web application security software, today announced the availability of AppScan� 4.0 QA Edition, the first security testing tool available for seamless integration with any QA testing environment, and AppScan 4.0 Audit Edition for accelerated, automated testing of security vulnerabilities. With its patented intelligent validation engine, Sanctum's AppScan 4.0 product suite covers the widest array of attack variants to test both new and existing infrastructures, including emerging Web services technologies containing XML and SOAP vulnerabilities. By reducing security defects before Web applications are deployed in a live production environment, AppScan 4.0 enables enterprise users to deploy applications quickly, reduce deployment costs, improve resource allocation, assure compliance, and minimize risk.

With the introduction of AppScan 4.0, Sanctum now empowers enterprise users at all stages of the application lifecycle-including developers, QA and internal and external auditors-with an automated testing tool that is a natural extension of their current testing processes. The only available tool for security testing during the QA phase, AppScan 4.0 QA Edition delivers seamless integration into existing test systems, automation to deliver predictive, reproducible results and the ability to output results to all standard defect tracking and analysis systems. In compliance with the Capability Maturity Model (CMM) outlined by the Software Engineering Institute (SEI), AppScan supports software QA and quality management standards, a critical element of delivering quality software to the market.

"Time-to-market pressures have typically taken precedence over software debugging and quality assurance. If companies integrate security best practices throughout every phase of testing, security vulnerabilities will be resolved as they appear, instead of post-deployment, where the cost of fixing and business risk are significantly higher," said Pete Lindstrom, Spire Security. "When security is pinpointed at every phase of development, as is now possible with Sanctum's full AppScan product suite for developers, QA staff and auditors, application testing not only produces more secure software, but can even speed an application's time to market through improved resource allocation."

"Stricter compliance and audit regulations have increased the requirement for high-quality and secure applications, putting new demands on organizations to track and fix vulnerabilities more quickly," said Andrew Conte, director of Information Security, HBO. "To meet the challenge of timely, cost-effective remediation, security needs to be considered a vital testing parameter alongside functionality and performance. With automated security testing, we are able to assess and fix security problems quickly and cost-effectively, thereby enforcing security best practices, reducing audit cycles and improving internal and external compliance demands."

New features of AppScan 4.0 include:

• Advanced Delta Analysis—helps developers, QA testers and auditors enforce predictive, reproducible results across the test cycle. Users can establish and map back to test plan over time, across applications, departments or companies to ensure continued compliance.
  
  
• Web Services Support—delivers widest array of attack variants to test for emerging Web services technologies, including XML and SOAP vulnerabilities, application specific vulnerabilities (ASVs) and common web vulnerabilities (CWVs); intelligent validation system tests for known and unknown vulnerabilities in IBM WebSphere, Microsoft .NET and Sun ONE.
  
  
• Interactive Results Display & Analysis—Graphical tree view allows users to easily review and differentiate results to prioritize remediation actions; error-free, immediate and automated analysis achieved through "Worse Case Scenarios" that communicate business impact of technical vulnerability and "Vulnerability Causes" that identify root cause of problems, including insecure programming and configuration changes.
  
  
• Application Programming Interface (API) & Command Line Interface (CLI)—users can automatically execute AppScan QA Edition defect tests and results export as part of QA testing procedure with seamless integration through APIs and CLIs.
  
  
• Unparalleled Performance—The fastest application risk assessment tool available today, AppScan scales from scanning a single web page to 100,000s of Web page applications.
  
  

Availability
AppScan 4.0 QA Edition and Audit Edition are generally available September 5, 2003.

About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity-from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement-even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.

For Immediate Release

Contact:

Diane Fraiman
Sanctum, Inc.
(408) 352-2000
[email protected]

Tara Dugan
Schwartz Communications, Inc.
(415) 512-0770
[email protected]