Enterprise Strategy Group Highlights Application Security, Inc. for Uniquely Addressing the Complete Application Security Lifecycle

LAS VEGAS, NV — (MARKET WIRE) — 05/02/2005 — NETWORLD+INTEROP/BOOTH #1109 — Application Security, Inc. (AppSecInc) today announced that a new Enterprise Strategy Group (ESG) report profiles AppSecInc and its product portfolio as the “next frontier in information security.” AppSecInc is the leading provider of proactive security solutions for corporate and government applications.

AppSecInc will showcase its complete product portfolio at this year’s NetWorld+Interop in Las Vegas, NV, May 2-5, 2005 (Booth # 1109). Company executives are available to meet with members of the media and market research communities during the conference. To schedule an appointment, contact Rebecca Knowles (rknowles@appsecinc.com, 508-725-8930) or Christine Atkinson at CHEN PR (catkinson@chenpr.com, 781-466-8282, ext. 39).

Stressing that “application and database security are no longer a ‘nice to have’,” ESG suggests that AppSecInc is “-¦ the first security vendor to recognize and automate the application security lifecycle.” ESG adds, “-¦ that securing key business systems demands a lifecycle approach. [AppSecInc] provides a comprehensive suite to automate this difficult but vital process.”

The ESG report, “Application Security, Inc. (AppSecInc) Offers Security Lifecycle Management for Critical Applications and Databases,” is authored by analyst Jon Oltsik, head of ESG’s Information Security practice. Within it, Oltsik details recent security breaches such as ChoicePoint and LexisNexis that have raised significant awareness of application vulnerabilities, but represent only the “tip of the proverbial iceberg.” Oltsik cites increasing mobility, extended enterprise systems and privacy regulations as creating a situation where “the holes in Information Security are far larger than most laypeople (and corporate executives) perceive.”

Oltsik advocates defense-in-depth security architectures that — in addition to securing network infrastructure — place significant security investments on databases and related mission-critical applications. ESG data gathered for a recent report states, “While 64% of respondents claim that they have a high level of investment in perimeter security, only 29% say that their organizations have a high level of investment in application security.”(1)

Oltsik continues, “ESG believes that the most effective way to address application and database security is through a comprehensive lifecycle process.” He defines this approach as comprising sequential phases that encompass assessment, prioritization, on-going detection and protection, and constant monitoring.

“During the past 10 years, organizations have established a process for securing infrastructure and have applied it to networks and general-purpose hosts,” said Ted Julian, VP Marketing, AppSecInc. “But now attackers are directly targeting databases — where critical information sits 99.9% of the time. They’re doing that partly because that’s where the gold is, but also because — ironically — these assets are significantly under-protected. We view it as a great endorsement that ESG has identified AppSecInc’s products as a model for how a layered defense can be achieved.”

Delivering the industry’s only complete vulnerability management solution for the application tier, AppSecInc’s product portfolio includes:

— AppDetective – the most widely deployed vulnerability assessment scanner for the application tier

— AppRadar – the industry’s only real-time database intrusion detection and auditing solution that combines the most extensive set of application- specific protections with highly granular and easily customized real-time monitoring, delivering best-practices security which can be easily tuned to address unique security and regulatory requirements

— DbEncrypt – award-winning, column level encryption for production databases

— AppSecIncConsole – a Web-based application security management console that provides role-based access and easy scaling of AppDetective and AppRadar deployments throughout an enterprise, with no impact on business operations With Visa as an investor/strategic partner and one of its 300+ customers worldwide, AppSecInc is the market share leader in the rapidly growing database security market. Led by a team with unmatched database security expertise, company executives have previously founded security industry forerunners including DbSecure (acquired by Internet Security Systems), @Stake (acquired by Symantec), Raptor (now part of Symantec) and Arbor Networks. Notably, AppSecInc Co-founder Aaron Newman is the world’s foremost database security expert and co-author of the Oracle Security Handbook.

About Application Security, Inc. (AppSecInc)

AppSecInc is the leading provider of application security solutions for the enterprise. AppSecInc’s products — the industry’s only complete vulnerability management solution for the application tier — proactively secure enterprise applications at more than 300 organizations around the world. By securing data at its source, we enable organizations to more confidently extend their business with customers, partners and suppliers while meeting regulatory compliance requirements. Our security experts, combined with our strong support team, deliver up-to-date application safeguards that minimize risk and eliminate its impact on business. Please contact us at 1-866-927-7732 to learn more, or visit us on the web at www.appsecinc.com.

AppSecInc, AppDetective, AppRadar and DbEncrypt are trademarks of Application Security, Inc. All other company and product names are trademarks of their respective companies.

(1) ESG Report “Network Security and Intrusion Prevention” by Jon Oltsik, January 2005.