Santa Clara, CALIF. — December 16, 2002 - Sanctum, Inc., the established leader in Web application security software, today announced a new AppScan 3.5™ subscription that enables Apache developers and users to identify and fix new vulnerabilities in XML Web services technologies. Building on AppScan's advanced validation technology, which already detects and recommends fixes for .NET and Oracle Web services vulnerabilities, this subscription broadens AppScan's Web services security testing and adds additional vulnerability testing for PHP applications, and Apache on MacOS X. Optimized for security testing throughout the application lifecycle, AppScan continues to deliver updated Web services vulnerability assessment to development, QA testing and audit processes.

"In talking with the largest financial institutions, we see an increased awareness and concern for the number of vulnerabilities exposed with new XML Web services technologies," said Steve Orrin, CTO of Sanctum. "As Web Services and XML are emerging as the standard platform for data communication and business process automation on the Web, the rapid exposure of internal applications and interfaces to the Web elevates application security to a top priority. AppScan 3.5's latest subscription further extends Sanctum's reach into Web services, and solidifies AppScan's position as the most comprehensive and accurate application security testing solution in the market today."

A standalone application running on Microsoft Windows 2000 and XP, AppScan learns the unique business logic of XML Web services on the fly and creates a dynamic scan to obtain the most comprehensive Web application vulnerability assessment. Once the assessment is complete, AppScan provides customized, detailed reports that include actionable recommendations for how to fix application specific vulnerabilities, common Web vulnerabilities on .NET, Oracle and Apache platforms that support Web services, as well as the XML Web services themselves.

Subscription Availability
This subscription is available now. Current AppScan customers can download it from Sanctum's AppScan Extranet.

About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity-from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement-even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, health care, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.

For Immediate Release

Contact:

Diane Fraiman
Sanctum, Inc.
(408) 352-2000
[email protected]

Tara Dugan or Dara Sklar
Schwartz Communications, Inc.
(415) 512-0770
[email protected]