Sanctum Delivers First Security Testing Solution to Accelerate and Streamline Security Assurance across Entire Enterprise

SANTA CLARA, CALIF.-March 8, 2004-Sanctum, Inc., the established leader in automated Web application security firewall and testing software, today announced the availability of AppScan™ 4.5, the first and only security testing tool to deliver standardized Web application security testing across the entire enterprise. The AppScan 4.5 QA and Audit Editions facilitate communication across the full development lifecycle, optimizing productivity and communication between developer, QA and audit teams with comprehensive analysis, interpretation and reporting. Built on Sanctum's patented, intelligent detection and validation engine to help users find and fix the broadest range of vulnerabilities, AppScan 4.5 provides unprecedented protection throughout the development lifecycle and enhanced compliance reporting for regulatory, directive and corporate policy preparedness. By applying standardized testing and collaboration functions throughout the organization, AppScan 4.5 can ensure on-time delivery of quality applications while significantly improving development efficiency, reducing overall costs and minimizing business risk.

Until now, developers, QA teams and auditors have not shared a common security testing process. The combination of increased complexity in application specifications and an ongoing lack of communication among departments has complicated the development process, making the delivery of quality applications an arduous task requiring excess cycles and resources. With the introduction of AppScan 4.5 for QA teams and auditors, enterprise users can significantly reduce costs at every step, eliminating security defects at each phase of the development cycle and before Web applications are deployed to a live production environment. By streamlining security assurance with a standard testing tool, development teams can deliver applications on time, in compliance with internal best practices and external regulations, without sacrificing security or quality.

Sanctum's AppScan 4.5 is the first and only automated testing tool that links development, QA and auditors for true security testing throughout an entire enterprise. With comprehensive fix recommendations, predictable, reproducible results and seamless integration with existing trend and regression testing, AppScan 4.5 makes security a natural extension of current testing processes. AppScan 4.5's standardized fix recommendations, user-defined policy templates and common reporting language allow QA teams and auditors to liaise better within the organization, helping users create quality applications at a lower total cost and in compliance with regulations and best practices. With extensive user-defined controls, power users can increase the breadth of audits for more intelligent and accurate testing. Finally, with comprehensive compliance analysis and reporting for U.S. regulations and European directives, plus custom templates for measuring compliance with internal security best practices, users can now generate multiple compliance reports from a single assessment.

“Emerging technologies like Web services, online bill paying and mobile connections will face development setbacks if the industry does not commit to building security into applications from the very beginning. On top of this, corporate compliance to regulations is now law, holding C-level executives responsible for security breaches of their Web sites and applications. To ensure software applications are without defects, security must be built into the entire development process,” said Steve Orrin, CTO of Sanctum, Inc. “Sanctum was the first Web application security company to develop solutions that address security testing throughout the development lifecycle. AppScan 4.5 builds on that legacy, enhancing the communication between development groups to guarantee that when the application is deployed, security defects have been eliminated. With the additional regulation templates built into the product, everyone from the developer lead to the CEO can rest easy knowing that the applications are in compliance.”

“Security vulnerabilities remain the Achilles heel of applications today. However, application security testing remains an afterthought as application specifications increase in complexity and time-to-market shrinks. With its usability throughout the entire development lifecycle, AppScan enables enterprise QA and developer teams to improve security and job efficiency while remaining on schedule,” said Charles Kolodgy, research director, IDC. “By integrating security testing as a natural part of the process, Sanctum provides developers, QA teams and auditors with a tool they’re comfortable with, delivering significant cost savings and creating a more unified front of everyone involved in application development.”

New features of AppScan 4.5 include:

o Broadest Test Categories-New privacy checks and enhanced XML testing supplement existing ASV and CWV testing; automatically test XML and SOAP applications and environments/infrastructures;
o Advanced Fix Recommendations for QA-Environment-specific fix recommendations (J2EE and .NET) improve communication between developer, QA and audit groups;
o Automated Regulatory/Directive Compliance Verification and Reporting-Built-in templates for U.S. regulations and European Union directives; user-defined policy templates help build custom reports to verify organization-specific best practices compliance using XSLT templates;
o New Results Communication Tools-Facilitate communication of results among development teams and to C-level management, including results consolidation, unique test IDs to track individual tests throughout sessions and XSLT templates for advanced editing and reporting of results content;
o Enhanced User-Defined Controls-For intelligent testing including login/logout test control option, throttle control and server down detection.

Sanctum also announced today the discovery of a new class of application attack, HTTP Response Splitting. An attacker whose input is copied unchecked into an HTTP response header (a redirect's Location header, for example) can embed carriage-return/line-feed sequences that end the server's response early and append a second, entirely attacker-written response. Downstream parties that read the stream, such as proxies and shared caches, treat the forged response as genuine, which allows hackers to launch Web Cache Poisoning attacks (leading to defacement and next-generation phishing), hijack a Web page carrying users' sensitive information, or access data through cross-site scripting. As the only security testing tool that can detect HTTP Response Splitting and supply an immediate fix recommendation, AppScan 4.5 helps enterprise users stay protected from these next-generation application threats.
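The following is an added example, not code from the press release or from Sanctum's product, showing the mechanics the paragraph above describes: a redirect that concatenates a request parameter into the Location header, the hardened form of the same redirect, a parser that reads the wire stream the way a proxy or cache would (so a split shows up as two responses), and the canary probe a scanner sends to detect the flaw. The application URL, the parameter name and the attack payload are constructed for illustration.

```python
"""HTTP Response Splitting: a vulnerable redirect, the hardened form, and the
probe a scanner uses to detect it. Added example; not Sanctum/AppScan code."""
import re
from urllib.parse import quote

CRLF = "\r\n"
# Hypothetical application URL, used only to build the Location header.
BASE_URL = "http://app.example/page"


def vulnerable_redirect(lang: str) -> str:
    """Build a 302 response the way a vulnerable page does: the request
    parameter is concatenated into the Location header unchecked, so CR/LF in
    it ends the header and lets the attacker write the rest of the stream."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + BASE_URL + "?lang=" + lang + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


class HeaderInjectionError(ValueError):
    """Raised when user input destined for a header contains CR or LF."""


def hardened_redirect(lang: str) -> str:
    """Same redirect with the fix: refuse CR/LF outright (never legitimate in a
    query parameter) and percent-encode the value so nothing else in it can
    alter the header structure either."""
    if re.search(r"[\r\n]", lang):
        raise HeaderInjectionError("CR/LF in header value")
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + BASE_URL + "?lang=" + quote(lang, safe="") + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def split_responses(raw: str) -> list:
    """Parse a raw stream the way a proxy or shared cache does: each message's
    body length comes from its Content-Length, and whatever follows the body
    is read as the *next* response. Trailing bytes that do not begin with a
    status line are discarded as garbage."""
    responses = []
    rest = raw
    while True:
        rest = rest.lstrip("\r\n")  # blank lines before a message are ignored
        head, sep, rest = rest.partition(CRLF + CRLF)
        if not sep or not head.startswith("HTTP/"):
            break
        lines = head.split(CRLF)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body, rest = rest[:length], rest[length:]
        responses.append({"status": lines[0], "headers": headers, "body": body})
    return responses


def probe_for_splitting(handler) -> bool:
    """What a scanner does to detect the flaw: send a parameter carrying a
    CRLF plus a canary header and check whether the canary comes back as a
    real header of the response. `handler` maps a parameter value to the raw
    response string the application would emit."""
    canary = "x" + CRLF + "X-Split-Probe: 1"
    try:
        raw = handler(canary)
    except HeaderInjectionError:
        return False
    parsed = split_responses(raw)
    return bool(parsed) and parsed[0]["headers"].get("x-split-probe") == "1"


# Constructed attack payload (not captured traffic): closes the Location header,
# ends the first response with an empty body, then supplies a complete second
# response that a cache in front of the server may store under a victim URL.
EVIL_BODY = "<html>owned</html>"
PAYLOAD = (
    "en" + CRLF
    + "Content-Length: 0" + CRLF
    + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: " + str(len(EVIL_BODY)) + CRLF
    + CRLF
    + EVIL_BODY
)

if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_redirect),
                          ("hardened", hardened_redirect)):
        print(name, "splittable:", probe_for_splitting(handler))
    forged = split_responses(vulnerable_redirect(PAYLOAD))
    print(len(forged), "responses on the wire; second body:", forged[1]["body"])
```

Run against the vulnerable handler, the probe reports the flaw and the payload yields two responses on the wire, the second one fully attacker-controlled; the hardened handler rejects the probe and encodes every other value, so a cache only ever sees one response. The probe works without any knowledge of what is downstream, which is why a scanner can flag the defect from the application's own response alone.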

AppScan 4.5 QA Edition and AppScan 4.5 Audit Edition are available immediately in both standalone and enterprise license editions.

About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity-from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement-even if a site has unknown security holes or flaws. Sanctum’s solutions complete a company’s security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum’s customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit or contact the Company directly at (408) 352-2000.
