Sanctum's AppScan Awarded Most Comprehensive U.S. Patent for Web Application Vulnerability Assessment Technology

Business Editors

SANTA CLARA, Calif.--(BUSINESS WIRE)--July 8, 2003

Patent Validates AppScan's Unique Ability to Detect Dynamic Application-Specific Vulnerabilities

Sanctum, Inc., the established leader in automated Web application security firewall and testing software, today announced that the U.S. Patent and Trademark Office has issued the company U.S. Patent No. 6,584,569 titled "System for Determining Web Application Vulnerabilities" for the AppScan(TM) product family.

The most comprehensive technology patent for Web application vulnerability assessment to date, the AppScan patent covers the product's core functionalities to explore and learn the behavior of each Web application; build a customized scan to test for application-specific vulnerabilities (ASVs) and common Web vulnerabilities (CWVs) found within applications written on any Web application development platform including the Microsoft(R) .NET(TM) Framework and J2EE environments; execute attack variations against target applications; and provide detailed reporting that includes actionable recommendations for fixing the vulnerabilities. The patent validates AppScan's unique ability to detect dynamic application-specific vulnerabilities such as cross-site scripting, SQL injection and parameter tampering.

Introduced in 2000 as the industry's first Web application vulnerability assessment solution for security auditors, AppScan today drives security through the entire application lifecycle -- development, quality assurance and deployment -- for application developers, quality assurance testers as well as auditors.

In addition to the newly awarded patent, Sanctum holds a patent for its Dynamic Policy Recognition Engine (DPRE) (U.S. Patent No. 6,311,278), a core technology used in both AppScan and AppShield(TM) products that automatically and continuously defines policy for Web sites without the use of signatures or rules, enforcing the intended business behavior of Web applications.

"With the rights granted under the two patents, AppScan and DPRE, Sanctum currently owns the most comprehensive and in-depth intellectual property in the Web application security market. This unique status in the market clearly reflects Sanctum's leadership and innovative approach to Web application security," said Peggy Weigle, chief executive officer, Sanctum. "We are thrilled to see AppScan's continued market adoption, as it is an indispensable tool for enterprises to build secure, quality Web applications and fix the vulnerabilities before they pose significant threats to the safety of corporate data."

AppScan 3.5, a standalone application running on Microsoft Windows 2000, brings the combination of speed, accuracy, flexibility and efficiency to the QA testing and audit functions.

Building upon the success of AppScan, Sanctum introduced in 2003 AppScan Developer Edition(TM) (DE), the only automated testing tool designed for application developers to build secure, quality applications within Microsoft .NET Framework or Java(TM) development environments. Already integrated into Microsoft Visual Studio(R) .NET, AppScan DE 1.7 now extends secure application development to major Integrated Development Environments (IDEs), including: Microsoft Visual Basic(R) 6.0, Borland(R) JBuilder(R), IBM(R) WebSphere(R) Studio Application Developer and Eclipse.

The rights granted under this patent are effective June 24, 2003.

About Sanctum, Inc.

Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. is the recognized leader for Web application security solutions. Sanctum software solutions provide automatic enforcement of intended business processes, ensuring the protection of core information and data. By detecting and defending against any unauthorized behavior, Sanctum protects customers against malicious cybercriminal activity -- from theft of intellectual property and customer data, to e-commerce fraud and Web site defacement -- even if a site has unknown security holes or flaws.

Sanctum's solutions complete a company's security infrastructure, assure regulatory compliance and create sustainable ROI. Sanctum's customers include industry leaders in finance, retailing, healthcare, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sprout Group, Dell, Gemini Israel Funds, Fidelity Ventures, Wachovia Strategic Ventures Group, Mofet Israel Technology Fund and Walden Israel. For more information, visit www.SanctumInc.com or contact the Company directly at 408/352-2000.

AppScan, AppScan DE and AppShield are trademarks of Sanctum, Inc. All other product names referenced are the property of their respective owners and are hereby acknowledged.