Santa Clara, CALIF. — June 17, 2003 - Sanctum, Inc., the established leader in automated Web application security firewall and testing software, today announced the general availability of AppScan Developer Edition� (DE) 1.7, the only automated testing tool for building secure, quality applications within Microsoft� .NET� Framework or Java� development environments. Already integrated into Microsoft� Visual Studio� .NET, the latest version of AppScan DE now extends secure application development to major Integrated Development Environments (IDEs), including: Microsoft� Visual Studio� .NET 6.0, Borland� JBuilder,� IBM� WebSphere� Studio Application Developer and Eclipse. AppScan DE provides 'Developer Centric' specific fix recommendations, enabling users to consistently detect and fix defects in-line with their current development process and as a result, provides an effective real-time training tool that promotes secure coding practices. With AppScan DE, enterprises are equipped with the tool and training to drive secure Web applications from development to deployment more quickly and cost effectively than ever before.

"Borland is focused on the complete application lifecycle management paradigm. As development teams strive to build better software faster, making security a natural integrated part of the application development process is key to building robust enterprise scale solutions," commented Frank Slootman, senior vice president of software products at Borland Software Corporation. "Quickly identifying and responding to security optimization needs at the development stage reduces risk. Sanctum's offerings can help to provide important time to market gains."

"The acceleration of new Web-based applications calls for automated tools. With AppScan DE, developers have access to an integrated tool that makes secure code an attainable goal so customers can receive quality applications on time," said Charles Kolodgy, Research Manager, Security Products, IDC. "By delivering a security testing tool tailored specifically to developers' needs, Sanctum provides a standard for baking security into developers' code. Because fixing security bugs in production software is so expensive, we believe that tools like this will be a driving force in creating better, more secure, more reliable software across .NET and Java platforms."

According to a 2002 study by the National Institute of Standards and Technology (NIST), buggy software costs the national economy $60 billion, more than a third of which could be saved through improved software testing alone. AppScan DE is the only automated testing tool integrated within the developer's standard workflow that simplifies security unit testing through automation, empowering developers to create quality applications that are secure from inception. AppScan DE redefines quality by enhancing current functionality and performance requirements with security. Available as a plug-in for major Java IDEs, as well as fully integrated into Microsoft Visual Studio .NET 2003 as a project, AppScan DE delivers comprehensive defect analysis with built-in application intelligence. With automated precision script creation, AppScan DE enables reliable and repeatable security unit testing, and encourages real-time training on security testing and secure coding techniques for developers. By reducing development cycles and associated downtime of security defects, AppScan DE means applications are deployed faster, at a lower cost, helping enterprises dramatically improve overall QA and development resources.

"Delivering quality applications to the market has become a mandatory requirement, as enterprises have learned that the cost of fixing defects after deployment is almost fifteen times greater than detecting and eliminating them during development," said Steve Orrin, CTO of Sanctum, Inc. "Large enterprises require the tools and training for their developers on both .NET Framework and Java platforms to add security testing to the current performance and functionality testing that has been required up to now. AppScan DE is the first integrated tool for both independent developers and enterprise-wide adoption that encourages secure coding throughout the application lifecycle across multiple IDEs."

AppScan DE 1.7 key features include:

• Native Plug-In—tests applications built in both Java/J2EE and Microsoft environments, including JBuilder 8 and 9, Visual Studio 6.0, WebSphere Studio Application Developer 5.0, and Eclipse IDE 2.0/2.1. Uses IDE-specific user interfaces to configure and launch AppScan security testing from within the major IDEs.
• Integration with Microsoft Visual Studio .NET 2003—AppScan DE is seamlessly integrated into Visual Studio .NET and Visual Studio .NET 2003, allowing users to stay within the IDE without disruption or disjointed processes. It tests applications built with all languages supported by Visual Studio .NET, including Microsoft� Visual C#� .NET, Microsoft� Visual C++� .NET, Microsoft� Visual Basic� .NET, and Microsoft� Visual J#� .NET.
• Multiple Test Modes—customizable configuration settings enable efficient security testing as part of the development cycle.
• Multiple Language Support—single click scan automatically tests Web applications written in any language supported by IDE used to develop Web applications including C#, C++, VB, Java, EJB, HTML, etc., and compatible with both J2EE and .NET environments.
• Real-Time Analysis—provides analysis and specific code examples for fix recommendations in real time, in-line with the development process. Users can configure test runs simply and quickly with automatic navigation to affected files. The results are date and time stamped and stored logically for quick and easy access.
• 'Developer Centric' Results and Recommendations—analytical tools simplify communicating results with developers, enabling users to view test results and HTTP request details to easily edit and configure reports. Developer-specific vulnerability advisories provide specific fix recommendations and sample code for both .NET and Java environments.

Pricing and Availability
AppScan DE is available immediately directly through Sanctum's eStore at www.SanctumInc.com, through Programmer's Paradise at www.programmersparadise.com , or under an enterprise license directly from Sanctum. AppScan DE has a retail price of $1495.00. With the introduction of AppScan DE in February 2003, Sanctum has announced a promotional price of $995.00 through August 1, 2003.

About Sanctum, Inc.
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity-from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement-even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.

For Immediate Release

Contact:

Diane Fraiman
Sanctum, Inc.
(408) 352-2000
[email protected]

Tara Dugan or Sarah Thornton
(415) 512-0770
[email protected]