Web application security leader releases new AppScan subscription focused on addressing Web services security
Santa Clara, Calif. June 17, 2002 -
Sanctum, Inc., the established leader in Web application security software, today
announced a new subscription for AppScan 3.0, delivering significant enhancements
for the .NET services and Oracle application server marketplace. Today's subscription
release for AppScan 3.0, the market's leading Web application security
assessment software, incorporates Web services platform and technology testing
into AppScan's automatic application security assessments. AppScan's advanced validation
mechanism delivers the widest array of attack variants to test, automatically validate
and provide fix advisories for both Common Web Vulnerabilities (CWVs) and application-specific
vulnerabilities, such as cross-site scripting, SQL injection and other source
code disclosure vulnerabilities.
"Web services security standards have not yet been established by the industry,
making security the biggest barrier for companies looking to deploy Web services-based
systems," said Gili Raanan, founder and senior vice president of products at Sanctum.
"As enterprises begin to adopt .NET and other Web service infrastructures, new application
vulnerabilities native to the custom and third party code of traditional Web sites will
be exposed. As the leader in detecting and defending against Web application
vulnerabilities, Sanctum is committed to delivering the technology required for
the new services and protocols that will be deployed over the coming years."
A standalone application running on Windows 2000, AppScan is easily adapted into any
auditor, Q/A or developer environment. With its intuitive navigation and set-up,
AppScan delivers accurate, trusted results with less than 1% false negatives
or positives. AppScan 3.0's latest subscription release includes validation tests
for more than 20 new CWVs and application-specific vulnerabilities, primarily
in .NET services and Oracle Application Server environments, to prevent new types
of XML-related vulnerabilities, cross-site scripting and advanced SQL injection attacks.
A cross-site scripting attack allows a hacker to hijack a user's interaction
with an application and thereby expose all of the application's components.
Since .NET applications are distributed across a portfolio of application sources,
this can be an extremely dangerous attack within the Web services environment.
SQL injection allows hackers to extract proprietary data like customer billing information
from backend database systems without detection. In an online business environment
where proprietary data is closely guarded and carefully shared with customers
and partners, SQL injection exposes a firm, its customers and its partners to
tremendous risk. This subscription enhances AppScan's extensive validation mechanism
to provide the most comprehensive set of automated attack-specific variants for
precisely targeting, validating and recommending fixes for advanced vulnerabilities
in HTML- and XML-related environments.
Subscription Availability
This subscription is available now. Current AppScan customers can download it
from Sanctum's AppScan extranet.
About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the
recognized leader for Web application security solutions. Sanctum software
solutions provide automatic enforcement of intended business processes, ensuring the
protection of core information and data. By detecting and defending against any
unauthorized behavior, Sanctum protects customers against malicious cybercriminal
activity, from theft of intellectual property and customer data
to e-commerce fraud and Web site defacement, even if a site has unknown security
holes or flaws. Sanctum's solutions complete a company's security infrastructure,
assure regulatory compliance and create sustainable ROI. Sanctum's customers include
industry leaders in finance, retailing, healthcare, government and telecommunications.
Privately held, Sanctum is funded by blue-chip venture capital firms and industry
leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures,
Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel.
For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.
# # #
AppScan and AppShield are trademarks of Sanctum, Inc. All other product
names referenced are the property of their respective owners and
are hereby acknowledged.
For Immediate Release
Contact:
Diane Fraiman
Sanctum, Inc.
(408) 352-2000
Tara Dugan or Dara Sklar
Schwartz Communications, Inc.
(415) 512-0770