Sanctum was a Santa Clara, California-based information technology company focused on

application security Application security (short AppSec) includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security i ...

. Sanctum offered a

firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spre ...

AppShield AppShield was the world's first Application firewall. AppShield was conceptualized by Eran Reshef and Gili Raanan and was introduced to the market by Perfecto Technologies (now Sanctum) in the summer of 1999. AppShield is a safeguard for many sys ...

, and scanner,

AppScan HCL AppScan, previously known as IBM AppScan, is a family of desktop and web security testing and monitoring tools, formerly a part of the Rational Software division of IBM. In July 2019, the product was acquired by HCL Technologies and is curre ...

, for application-layer security for Web environments. In 2003 Sanctum was merged with

Watchfire IBM has undergone a large number of mergers and acquisitions during a corporate history lasting over a century; the company has also produced a number of spinoffs during that time. The acquisition date listed is the date of the agreement betw ...

and the company was subsequently acquired by IBM.

History

Sanctum was founded in 1997 as Perfecto Technologies, by Eran Reshef and

Gili Raanan Gili Raanan (born 1969) is an Israeli venture capitalist and one of the inventors of CAPTCHA (US patent application with 1997 priority date ), the WAF (web application firewall) and many other inventions in the fields of application security and ...

. The company released its first product AppShield in summer of 1999. The company has done an extensive research in

and applying formal methods to real life software in collaboration with

Turing Award The ACM A. M. Turing Award is an annual prize given by the Association for Computing Machinery (ACM) for contributions of lasting and major technical importance to computer science. It is generally recognized as the highest distinction in compu ...

winner Professor Amir Penueli. Early research in 1996 and 1997 led to the invention, in parallel to other teams, of

CAPTCHA A CAPTCHA ( , a contrived acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge–response test used in computing to determine whether the user is human. The term was coined in 2003 ...

technology, and the application for a US patent for

. In 2000 the company renamed itself to Sanctum. The company was backed by investors

Sequoia Capital Sequoia Capital is an American venture capital firm. The firm is headquartered in Menlo Park, California, and specializes in seed stage, early stage, and growth stage investments in private companies across technology sectors. , Sequoia's total a ...

Intel Capital Intel Capital is a division of Intel Corporation, set up to manage corporate venture capital, global investment, mergers and acquisitions. Intel Capital makes equity investments in a range of technology startups and companies offering hardware, so ...

Goldman Sachs Goldman Sachs () is an American multinational investment bank and financial services company. Founded in 1869, Goldman Sachs is headquartered at 200 West Street in Lower Manhattan, with regional headquarters in London, Warsaw, Bangalore, H ...

, DLJ, Walden and Mofet.

Products

The AppShield product was the first product to inspect incoming

Hypertext Transfer Protocol The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...

requests and block malicious attacks based on a dynamic policy which was composed by analyzing the outgoing

HTML The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScri ...

pages. Later in June 2000 the company introduced AppScan the world's first

Web Security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules ...

Vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...

Assessment solution. Among the first clients for AppScan were

Yahoo! Yahoo! (, styled yahoo''!'' in its logo) is an American web services provider. It is headquartered in Sunnyvale, California and operated by the namesake company Yahoo Inc., which is 90% owned by investment funds managed by Apollo Global Man ...

Bank of America The Bank of America Corporation (often abbreviated BofA or BoA) is an American multinational investment bank and financial services holding company headquartered at the Bank of America Corporate Center in Charlotte, North Carolina. The bank w ...

and

AT&T AT&T Inc. is an American multinational telecommunications holding company headquartered at Whitacre Tower in Downtown Dallas, Texas. It is the world's largest telecommunications company by revenue and the third largest provider of mobile tel ...

References

{{Authority control Computer security software companies IBM acquisitions