Patent Validates AppScan's Unique Ability to Detect Dynamic Application-Specific Vulnerabilities
Santa Clara, CALIF. July 8, 2003 -
Sanctum, Inc., the established leader in automated Web application security firewall
and testing software, today announced that the U.S. Patent and Trademark Office has
issued the company U.S. Patent No. 6,584,569 titled "System for Determining Web
Application Vulnerabilities" for the AppScan� product family. The most comprehensive
technology patent for Web application vulnerability assessment to date, the AppScan
patent covers the product's core functionalities to explore and learn the behavior
of each Web application; build a customized scan to test for application-specific
vulnerabilities (ASVs) and common web vulnerabilities (CWVs) found within applications
written on any Web application development platform including the Microsoft� .NET�
Framework and J2EE environments; execute attack variations against target applications;
and provide detailed reporting that includes actionable recommendations for fixing
the vulnerabilities. The patent validates AppScan's unique ability to detect dynamic
application-specific vulnerabilities such as cross-site scripting, SQL injection
and parameter tampering.
Introduced in 2000 as the industry's first Web application vulnerability assessment
solution for security auditors, AppScan today drives security through the entire
application lifecycle--development, quality assurance and deployment--for application
developers, quality assurance testers as well as auditors. In addition to the newly
awarded patent, Sanctum holds a patent for its Dynamic Policy Recognition Engine (DPRE)
(U.S. Patent No. 6,311,278), a core technology used in both AppScan and AppShield�
products that automatically and continuously defines policy for Web sites without the
use of signatures or rules, enforcing the intended business behavior of Web applications.
"With the rights granted under the two patents, AppScan and DPRE, Sanctum currently
owns the most comprehensive and in-depth intellectual property in the Web application
security market. This unique status in the market clearly reflects Sanctum's leadership
and innovative approach to Web application security," said Peggy Weigle, chief executive
officer, Sanctum. "We are thrilled to see AppScan's continued market adoption, as it
is an indispensable tool for enterprises to build secure, quality Web applications
and fix the vulnerabilities before they pose significant threats to the safety of
corporate data."
AppScan 3.5, a standalone application running on Microsoft Windows 2000, brings the
combination of speed, accuracy, flexibility and efficiency to the QA testing and
audit functions. Building upon the success of AppScan, Sanctum introduced in 2003
AppScan Developer Edition� (DE), the only automated testing tool designed for
application developers to build secure, quality applications within Microsoft .NET
Framework or Java� development environments. Already integrated into Microsoft Visual
Studio� .NET, AppScan DE 1.7 now extends secure application development to major
Integrated Development Environments (IDEs), including: Microsoft Visual Basic� 6.0,
Borland� JBuilder,� IBM� WebSphere� Studio Application Developer and Eclipse.
The rights granted under this patent are effective June 24, 2003.
About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the
recognized leader for Web application security solutions. Sanctum software solutions
provide automatic enforcement of intended business processes, ensuring the protection
of core information and data. By detecting and defending against any unauthorized
behavior, Sanctum protects customers against malicious cybercriminal activity-from
theft of intellectual property and customer data, to e-commerce fraud and Web site
defacement-even if a site has unknown security holes or flaws. Sanctum's solutions
complete a company's security infrastructure, assure regulatory compliance and create
sustainable ROI. Sanctum's customers include industry leaders in finance, retailing,
healthcare, government and telecommunications. Privately held, Sanctum is funded by
blue-chip venture capital firms and industry leaders including Sprout Group, Dell,
Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group,
Mofet Israel Technology Fund and Walden Israel.
For more information, visit
www.SanctumInc.com
or contact the Company directly at (408) 352-2000.
AppScan, AppScan DE and AppShield are trademarks of Sanctum, Inc. All other product
names referenced are the property of their respective owners and are hereby
acknowledged.
For Immediate Release
Contact:
Diane Fraiman
Sanctum, Inc.
(408) 352-2000
[email protected]
Tara Dugan or Annie Kim
(415) 512-0770
[email protected]
|