Santa Clara, Calif. - February 5, 2001 - Sanctum, Inc., the established leader in automated Web application control and security software, today announced AppScan 2.0. AppScan 2.0 is the first and only security software automating the complex, manual task of auditing Web applications. AppScan 2.0 drives Web application security audits to all phases of the application life cycle, allowing developers, operations managers and security consultants to prevent application-level attacks before the hackers get there first.

"The volume of code is exploding as the Internet continues to expand, putting companies at risk in terms of securing, protecting and managing digital assets," said Peggy Weigle, president and CEO of Sanctum. "With manual patching and upgrading of code a fact of life today, companies can't begin to thoroughly assess risk without establishing comprehensive, ongoing auditing practices. AppScan 2.0 is the only way to fully automate this process, allowing companies to do what they do best-focus on growing their businesses."

Sanctum is leading the fight to deliver comprehensive application-level security and prevent Web application hacking. Only AppScan 2.0 provides users with access to a reliable, automated tool to protect against application-level intrusions. AppScan 2.0 dynamically crawls through a site, automatically scans an application from a hacker's perspective, detects specific application vulnerabilities-both known and unknown-and provides recommendations for fixing these vulnerabilities, including the latest patches available.

"As a security focused managed service provider, Telenisus recognizes the tremendous investment clients are making to protect their corporate and customer information. In spite of this, the applications driving their online business are still wide open to attack. Working with Sanctum's AppScan 2.0, Telenisus can now provide the application testing and protection services our clients need," said Ron Hale, vice president of Professional Services for Telenisus. "Sanctum's AppScan 2.0 delivers the only automated application auditing tool in the industry today that extends our current secure infrastructure services to the most vulnerable part of the Web itself—the applications. We are extremely pleased to have AppScan 2.0 as a part of our managed service practice."

"Web application hacks are among the most insidious security breaches affecting e-Businesses today," said Pete Lindstrom, a senior analyst at Hurwitz Group. "Automating Web application code reviews simplifies a highly technical process and effectively defends against the automated hacker tools that make it easy for hackers to exploit these holes. Security auditors and Webmasters should be thankful a tool like this exists."

AppScan 2.0
AppScan 2.0 features include:

• Expert Application Security System-the brain behind AppScan includes Sanctum's patent pending Policy Recognition Engine and the knowledge database providing continuous updates of vulnerabilities and hacking techniques
• Automatic Scanning and Testing-an automatic and customizable Crawler Engine and Attack Simulator crawls through the site and attacks through user-defined filtering mechanisms
• Intelligent Automatic Risk Assessment-automatically assigns severity and success ratings for tested attacks and then provides expert advice for fixing vulnerabilities
• Customized Reports-automatically generates predefined reports with customized information for each level of expertise in the organization

Pricing and Availability
AppScan 2.0 is available immediately. Pricing is available for both end users and security auditors on a subscription basis.

About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. (formerly Perfecto Technologies) pioneered the market for Web application security and control software. Sanctum's software works autonomously and continuously to monitor how individuals interact with Web applications. By detecting and defending against any unauthorized behavior, Sanctum prevents Web application perversion, even if a site has unknown security holes or flaws. Sanctum's customers include industry leaders in banking, retailing, finance, government, and healthcare. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders, including Sequoia Capital, Walden and Intel Corporation. More information about Sanctum may be obtained by visiting the Company's Web site www.SanctumInc.com or by calling the Company directly at (408) 352-2000.

For Immediate Release
Contact:

Tara Dugan or Elizabeth Holwerda
Schwartz Communications, Inc.
(415) 512-0770
[email protected]