Santa Clara, Calif. - September 18, 2000 - Sanctum, Inc., the established leader in automated web application control and security software, today introduced AppScan 1.5, the latest version of the company's revolutionary web application audit tool. Designed to help eBusinesses, security consultants and auditors quickly find and fix web application vulnerabilities, AppScan 1.5 now offers seamless integration with SSL encryption technology. Global Integrity Corporation, an internationally recognized provider of information security services to the Global and Fortune 100, has incorporated AppScan as part of its vulnerability and testing program.

"Since its original announcement in June, we've been thrilled with the market's response to AppScan. Customers and partners have repeatedly told us that it is the only product available that successfully addresses their need for a comprehensive application-level audit," commented Peggy Weigle, CEO of Sanctum, Inc. "Given the large number of companies using SSL encryption, we felt it was essential to add this level of support to AppScan. Once again we have shown our dedication to helping all companies secure packaged and custom web applications and safely expand their B2B, B2C and service provider initiatives."

"AppScan adds a new weapon to the arsenal of technologies necessary to defend the valuable eBusiness assets of our clients," said Dan Woolley, Global Integrity's President and Chief Operating Officer. "The most significant risks faced by companies involved with eBusiness are at the application level. AppScan's unique capability to detect and correct many web application vulnerabilities in real time makes it an invaluable tool for our consultants and clients alike. We are very pleased to include AppScan as a component of our vulnerability service offering."

Designed to accelerate today's time consuming manual approach to web application security, AppScan helps an eBusiness analyze its web applications by pointing to potential security vulnerabilities and providing guidance on how to mend any security bugs discovered. With built-in SSL support, AppScan 1.5 can work with any site using SSL encryption technology and requires no additional user modification.

"AppScan's approach to web vulnerability assessment is unique; instead of using signatures to identify vulnerabilities, it 'thinks like a hacker' to find previously unknown weaknesses. This approach is particularly effective on applications developed in-house. And with its new ability to evaluate SSL-protected sessions, AppScan can secure what are typically a web site's most significant transactions," noted Pete Lindstrom, Senior Analyst at Hurwitz Group.

About AppScan
The industry's first automated web application audit tool, AppScan extends the security capabilities involved in an eBusiness's application development, deployment and maintenance. Leveraging the advanced capabilities of Sanctum's Policy Recognition Engine, and the company's "RoboHacker" and "RoboAdvisor" technology, AppScan substantially reduces the time it takes to find and fix application-level vulnerabilities. Featuring embedded proprietary technology to prevent misuse, AppScan is ideal for security consultants and auditors who would like to integrate an application-level audit into their overall network evaluation services. With a web-based client and a Linux server, AppScan also features multi-user capabilities. AppScan supports SSL and works with applications running on Microsoft IIS or server products from Netscape and Apache.

Pricing and Availability
AppScan 1.5 is available immediately. Pricing is subscription-based.

About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. (formerly Perfecto Technologies) pioneered the market for web application security and control software. Sanctum's software works autonomously and continuously to monitor how individuals interact with web applications. By detecting and defending against any unauthorized behavior, Sanctum prevents Web Application Perversion, even if a site has unknown security holes or flaws. Sanctum's customers include industry leaders in banking, retailing, finance, government and healthcare. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders, including Sequoia Capital, Walden and Intel Corporation. More information about Sanctum may be obtained by visiting the Company's web site at www.SanctumInc.com or by calling the Company directly at (408) 855-9500.

About Global Integrity (www.globalintegrity.com)
Headquartered in Reston, Va., Global Integrity provides remote information security monitoring services, incident response, consulting, engineering and information sharing services to global financial institutions and major corporations with electronic operations worldwide. Through groundbreaking initiatives such as the Financial Services Security Lab and Information Sharing and Analysis Centers (ISAC), Global Integrity has proven itself to be the leader in Critical Infrastructure Protection. More information about Global Integrity can be found at www.globalintegrity.com.

For Immediate Release
Contact:

Kevin Pedraja
Sterling Communications
(415) 749-6550
[email protected]