Sanctum (company)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Private Company
Information Technology
PredecessorPerfecto Technologies
FounderGili Raanan and Eran Reshef
HeadquartersHerzliya, Israel,
ProductsAppShield and AppScan

Sanctum was a Santa Clara, California-based information technology company focused on application security.[1] Sanctum was credited for inventing the application security space in the mid-'90s with its firewall, AppShield, and scanner, AppScan, when it foresaw the need for better application-layer security for Web environments.[2]

In 2003 Sanctum was merged with Watchfire and the company was subsequently acquired by IBM.[3]


Sanctum was founded in 1997 as Perfecto Technologies, by Eran Reshef and Gili Raanan.

The company released its first product AppShield in summer of 1999.[4]

The company has done an extensive research in application security and applying formal methods to real life software[5] in collaboration with Turing Award winner Professor Amir Penueli. Early research in 1996 and 1997 led to the invention, in parallel to other teams, of CAPTCHA technology, and the application for a US patent for CAPTCHA.[6]

In 2000 the company renamed itself to Sanctum.[7] The company was backed by investors Sequoia Capital, Intel Capital, Goldman Sachs, DLJ, Walden and Mofet.[8]


The AppShield product was the first product to inspect incoming Hypertext Transfer Protocol requests and block malicious attacks based on a dynamic policy which was composed by analyzing the outgoing HTML pages.[9][10]

Later in June 2000 the company introduced AppScan the world's first Web Security Vulnerability Assessment solution.[11] Among the first clients for AppScan were Yahoo!,[12] Bank of America and AT&T.[13]


  1. ^ "Sanctum | CrunchBase". Retrieved 2016-09-12.
  2. ^ "What the Watchfire-Sanctum acquisition means for Web app security". Retrieved 2016-09-12.
  3. ^ "IBM Buys Watchfire". PCWorld. 2007-06-06. Retrieved 2016-09-12.
  4. ^ Messmer, Ellen. "CNN - New tool blocks wily e-comm hacker tricks - September 7, 1999". Retrieved 2016-09-12.
  5. ^ Kesten, Yonit; Klein, Amit; Pnueli, Amir; Raanan, Gil (1999-09-20). Wing, Jeannette M.; Woodcock, Jim; Davies, Jim (eds.). FM'99 — Formal Methods. Lecture Notes in Computer Science. Springer Berlin Heidelberg. pp. 173–194. doi:10.1007/3-540-48119-2_12. ISBN 9783540665878.
  6. ^ "Method and system for discriminating a human action from a computerized action". 2004-03-01. Cite journal requires |journal= (help)
  7. ^ "Perfecto Changes Name to Sanctum - Globes English". Globes. Retrieved 2016-09-12.
  8. ^ "DLJ'S Sprout Group Leads $16 Million Investment in Perfecto Technologies; Premier Venture Firm Backs eBusiness Security Software Company. - Free Online Library". Retrieved 2016-09-12.
  9. ^ "Method and system for extracting application protocol characteristics". 1999-07-01. Cite journal requires |journal= (help)
  10. ^ "Method and system for dynamic refinement of security policies". 2002-12-31. Cite journal requires |journal= (help)
  11. ^ "Sanctum Introduces AppScan: Industry's First Automated Web Application Security Audit Tool. - Free Online Library". Retrieved 2016-09-12.
  12. ^ Inc, IDG Network World (2000-06-19). Network World. IDG Network World Inc.
  13. ^ "Sanctum, Inc. cited as leader in key web security sector". Retrieved 2016-09-12.