Santa Clara, Calif. - June 21, 2000 - Sanctum, Inc. (formerly Perfecto Technologies), the established leader in automated web application control and security software, today introduced AppScan�, the latest addition to the Company's family of web application security products. Designed to accelerate today's time consuming manual approach to web application security, AppScan helps an eBusiness analyze its web applications by pointing to potential security vulnerabilities and providing guidance on how to mend any security bugs discovered. With embedded proprietary technology to prevent misuse, AppScan is also ideal for security consultants and auditors who would like to integrate an application-level audit into their overall network evaluation services.

"In today's online business environment, it's well known that web applications have a large number of vulnerabilities. For an eBusiness, however, finding where application-level holes are in its web site is extremely difficult," commented Peggy Weigle, CEO of Sanctum, Inc. "With AppScan, our customers and partners now have a powerful, practical tool that can uncover and offer advice on how to mend vulnerabilities, before anyone has the opportunity to exploit them."

"Yahoo! is very pleased to be working with Sanctum. We are committed to providing our users with the highest quality online experience, and this includes making sure our network continues to maintain the same levels of reliability as it has previously achieved," said Arturo Bejar, technical Yahoo at Yahoo! Inc. "AppScan has the ability to alert companies to potential vulnerabilities quickly and proactively."

Unlike network scanners, AppScan enables the detection of security vulnerabilities in the actual applications of web sites. These can be either specific vulnerabilities within in-house developed applications, or security holes within third-party applications such as web servers and application servers. After detecting a potential vulnerability, AppScan catalogs it and then offers expert advice and guidance on how to mend it. An organization can use AppScan during various parts of the application's life cycle, such as QA and development, to provide enhanced overall security.

About AppScan
The industry's first automated web application audit tool, AppScan extends the security capabilities involved in an eBusiness's application development, deployment and maintenance. In addition, with AppScan, security consultants and auditors have the opportunity to offer eBusinesses an application-level audit as part of an overall network evaluation.

Leveraging the advanced capabilities of Sanctum's Policy Recognition Engine, AppScan automatically analyzes a site's online applications and dramatically boosts the process of detecting application-level vulnerabilities. With its specialized "RoboHacker" technology, AppScan identifies any dangerous content and identifies a variety of the most common and damaging types of application-level attacks including hidden manipulation, parameter tampering, cookie poisoning, stealth commanding, forceful browsing, backdoors and debug options, configuration subversion, third-party misconfiguration, cross site scripting and buffer overflow.

Upon completion of the analysis, AppScan's RoboAdvisor generates a detailed report and offers expert advice and guidance on how to fix any of the vulnerabilities detected. The extensive AppScan knowledge base is updated frequently based on input from Sanctum's Black Watch Labs, audits, partners and other sources that publish information on application-level vulnerabilities.

With a web-based client and a Linux server, AppScan also features multi-user capabilities. AppScan has embedded technology to prevent misuse and works with applications running on Microsoft IIS or server products from Netscape and Apache.

Pricing and Availability
AppScan will be generally available in Q3 2000. Pricing is subscription-based.

About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. (formerly Perfecto Technologies) pioneered the market for web application security and control software. Sanctum's software works autonomously and continuously to monitor how individuals interact with web applications. By detecting and defending against any unauthorized behavior, Sanctum prevents Web Application Perversion, even if a site has unknown security holes or flaws. Sanctum's customers include industry leaders in banking, retailing, finance, government and healthcare. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders, including Sequoia Capital, Walden and Intel Corporation. More information about Sanctum may be obtained by visiting the Company's Web site at www.SanctumInc.com or by calling the Company directly at (408) 855-9500.

For Immediate Release
Contact:

Kevin Pedraja
Sterling Communications
(415) 749-6550
[email protected]