Sanctum (company)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Private Company
Industry Software,
Information Technology
Fate Acquired
Predecessor Perfecto Technologies
Successor IBM
Founded 1997
Founder Gili Raanan and Eran Reshef
Defunct 2006
Headquarters Herzliya, Israel, Santa Clara, California;
Products AppShield and AppScan

Sanctum[1] was the world's first company to focus on Application security. Sanctum invented the Application security space in the mid-'90s with its firewall, AppShield, and scanner, AppScan, foreseeing the need for better application-layer security for Web environments.[2]


Sanctum was founded in 1997 as Perfecto Technologies, by Eran Reshef and Gili Raanan.

The company released its first product AppShield in summer of 1999.[3]

The company has done an extensive research in application security and applying formal methods to real life software[4] in collaboration with Turing Award winner Professor Amir Penueli. Early research in 1996 and 1997 led to the invention, in parallel to other teams, of CAPTCHA technology, and the application for a US patent for CAPTCHA.[5]

In 2000 the company renamed itself to Sanctum.[6] The company was backed by investors Sequoia Capital, Intel Capital, Goldman Sachs, DLJ, Walden and Mofet.[7]

Technology & Products[edit]

The AppShield product was the first product to inspect incoming Hypertext Transfer Protocol requests and block malicious attacks based on a dynamic policy which was composed by analyzing the outgoing HTML pages.[8][9]

Later in June 2000 the company has introduced AppScan[10] the world's first Web Security Vulnerability Assessment solution. First client for AppScan were Yahoo!,[11] Bank of America and AT&T.[12]


In 2003 Sanctum was merged with Watchfire and the company was subsequently acquired by IBM.[13]


  1. ^ "Sanctum | CrunchBase". Retrieved 2016-09-12. 
  2. ^ "What the Watchfire-Sanctum acquisition means for Web app security". Retrieved 2016-09-12. 
  3. ^ Messmer, Ellen. "CNN - New tool blocks wily e-comm hacker tricks - September 7, 1999". Retrieved 2016-09-12. 
  4. ^ Kesten, Yonit; Klein, Amit; Pnueli, Amir; Raanan, Gil (1999-09-20). Wing, Jeannette M.; Woodcock, Jim; Davies, Jim, eds. FM’99 — Formal Methods. Lecture Notes in Computer Science. Springer Berlin Heidelberg. pp. 173–194. ISBN 9783540665878. 
  5. ^ "Method and system for discriminating a human action from a computerized action". 2004-03-01. 
  6. ^ "Perfecto Changes Name to Sanctum - Globes English". Globes. Retrieved 2016-09-12. 
  7. ^ "DLJ'S Sprout Group Leads $16 Million Investment in Perfecto Technologies; Premier Venture Firm Backs eBusiness Security Software Company. - Free Online Library". Retrieved 2016-09-12. 
  8. ^ "Method and system for extracting application protocol characteristics". 1999-07-01. 
  9. ^ "Method and system for dynamic refinement of security policies". 2002-12-31. 
  10. ^ "Sanctum Introduces AppScan: Industry's First Automated Web Application Security Audit Tool. - Free Online Library". Retrieved 2016-09-12. 
  11. ^ Inc, IDG Network World (2000-06-19). Network World. IDG Network World Inc. 
  12. ^ "Sanctum, Inc. cited as leader in key web security sector". Retrieved 2016-09-12. 
  13. ^ "IBM Buys Watchfire". PCWorld. Retrieved 2016-09-12.