SANTA CLARA, CALIF. — September 17, 2001 - Sanctum, Inc., the recognized leader in Web application control and security software, today announced the availability of AppScan 2.5™ software. AppScan 2.5 automates the complex manual task of auditing Web applications for vulnerabilities to ensure that sites are safe from flaws that can be exploited by malicious hackers. Offering a powerful combination of efficiency, accuracy, and flexibility, AppScan 2.5 allows Internet security professionals to proactively evaluate and fix potential weaknesses in their Web site. AppScan 2.5 provides the user with the most comprehensive view of their applications and takes the human guessing and inconsistency out of Web site vulnerability assessment.

"As evidenced by the recent onslaught of destructive breaches such as the Code Red Worm and its variants, manual Web application vulnerability assessment is simply not an effective option anymore," said Peggy Weigle, CEO of Sanctum. "The design goal for AppScan 2.5 was improved accuracy, efficiency and flexibility, to give our customers more control over their application audits. As proven through ROI analysis, AppScan users have increased their audit efficiency by up to 500% over manual audits. From our own extensive audit experience, the AppScan knowledge base has been significantly enhanced to better detect vulnerabilities and deliver less false positives. We have added new features based on customer input that extend the reach of risk assessment to more users, regardless of their skill levels."

Assessing the technical risk inherent in Web applications is a critical component of the overall IT security spend today. AppScan 2.5 provides auditors, developers, QA and operations managers with an intelligent application vulnerability assessment tool that accelerates ROI through automation. Sanctum's AppScan 2.5™ software gives users full control over a reliable audit process by dynamically crawling through a site, intelligently scanning for both known and unknown application vulnerabilities and providing recommendations for fixing these vulnerabilities, including the most up-to-date patches and techniques available.

"Ensuring 'Web readiness' is critical for an organization's success in e-business," said Fred Rica, partner, PricewaterhouseCoopers. "As one part of our Web operational readiness reviews - which includes risk assessment, capacity planning and privacy compliance - we use Sanctum's AppScan to help us evaluate vulnerabilities in our client's Web applications. PricewaterhouseCoopers works with best-of-breed technology providers across the security industry to provide our clients with reliable, efficient and effective security solutions. Sanctum's AppScan 2.5 is one of the leading Web application risk assessment products on the market today."

AppScan 2.5
New features of AppScan 2.5 include:

• Efficiency — New features streamlining the audit process, including automatic form fillers and user defined filtering mechanisms, help deliver a 500% improvement of efficiency over manual audits. A new tool to measure ROI has also been designed to help customers measure the efficiency improvement possible with an automated solution.
  
  
• Accuracy — As the primary design goal for this release, Sanctum's extensive experience of over 300 ethical hacks are reflected in AppScan 2.5's knowledge base, resulting in enhanced accuracy of the data and a substantial reduction in false positives. Bottom line, increased reliability and less time spent analyzing audit results.
  
  
• Flexibility — New features including user-defined custom rules, user-friendly reporting, new report editors and offline session mode help extend the reach of risk assessment to users of varying skill levels within the organization.

Pricing and Availability
AppScan 2.5™ software is available immediately. Pricing is available for both end users and security auditors on a subscription basis.

About Sanctum, Inc. (www.SanctumInc.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity-from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement-even if a site has unknown security holes or flaws. Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance, and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, First Union eVentures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at (408) 352-2000.

For Immediate Release
Contact:

Drea Garrison or Tara Dugan
Schwartz Communications, Inc.
(415) 512-0770
[email protected]