San Francisco, CALIF. — VSLive! San Francisco 2003 — February 10, 2003 - Sanctum, Inc., the established leader in automated Web application security firewall and testing software, today announced the industry's first software product to automate security testing during real time application development. AppScan Developer Edition (DE)� 1.5 enables rapid development of secure Web applications, reducing the overall business risk inherent in the development lifecycle and increasing application development ROI. The first version of the product has been fully integrated into the widely-used Microsoft Visual Studio .NET.

"The ability to deliver quality applications on time is an increasing challenge for the enterprise. As attacks become more sophisticated and applications more complex, quality is no longer simply about meeting performance and functionality specs, but involves building in security during development," said Charles Kolodgy, Research Manager, Internet Security Software, IDC. "Sanctum's push into the development environment is responding to an important market need-allocating the responsibility for security throughout the development lifecycle. By providing developers with useable security testing tools, Sanctum is pioneering a new class of automated Web application security."

Studies show that the relative cost of fixing defects after deployment is almost fifteen times greater than detecting and eliminating them during development. As a result, enterprises are calling on developers to take on some of the responsibility for delivering secure applications that are resistant to attack. However, until now, developers have not had the tools or security knowledge to create impenetrable applications. With the addition of AppScan DE to the AppScan product family, enterprises can now ensure reliable operations of their applications in production. By improving the utilization of QA and development resources, AppScan DE reduces the overall number of development cycles and associated downtime caused by security defects found in production, translating to faster, less costly application deployment.

"As part of the Trustworthy Computing initiative, Microsoft is working hard to evangelize best security practices to its developer community," said Mike Kass, product manager in the Developer Platform and Evangelism group at Microsoft. "Security cannot be an after-thought, it must factor into each stage of the application development lifecycle - from the design blueprint, through coding and testing, all the way to deployment. Sanctum's AppScan DE is the first tool of its kind to help with this. It enables developers to test for security as they code as well as on the finished product. It teaches and enforces best practices that organizations can build into their development guidelines and design templates going forward. We expect the developers in the Visual Studio .NET community will embrace AppScan DE because of the time it saves and the higher quality applications it will produce."

"Our commitment has always been to provide the highest level of security needed to protect a company's mission critical assets from attack, " said Peggy Weigle, CEO of Sanctum. "The launch of AppScan DE is in direct response to corporations' emphasis on building hacker-resistant, reliable applications from the ground-up. We believe this will be a major breakthrough in redefining the industry standards for quality software."

About AppScan DE
AppScan DE seamlessly integrates into the leading Integrated Development Environment (IDE), Visual Studio .NET 2003, and tests applications built with any of the languages supported by Microsoft Visual Studio .NET. AppScan DE can be quickly configured to unit test any Web application for security defects directly from within the IDE. After identifying the location of each defect, AppScan DE delivers in-line fix recommendations, provides detailed descriptions, and enables the developer to perform granular analyses of each test and response. AppScan DE helps make enterprise applications resistant to attack without destroying any of their functionality, elegance or effectiveness. AppScan DE will be generally available in March 2003.

About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity-from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement-even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.

For Immediate Release

Contact:

Diane Fraiman
Sanctum, Inc.
(408) 352-2000
[email protected]

Tara Dugan or Dara Sklar
Schwartz Communications, Inc.
(415) 512-0770
[email protected]