Sanctum Inc. was a Santa Clara, California-based information technology company focused on

application security Application security (short AppSec) includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security is ...

. Sanctum offered a

firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spre ...

, AppShield, and scanner, AppScan, for application-layer security for Web environments. In 2003 Sanctum was merged with

Watchfire IBM has undergone a large number of mergers and acquisitions during a corporate history lasting over a century; the company has also produced a number of spinoffs during that time. The acquisition date listed is the date of the agreement betwe ...

and the company was subsequently acquired by

IBM International Business Machines Corporation (using the trademark IBM), nicknamed Big Blue, is an American Multinational corporation, multinational technology company headquartered in Armonk, New York, and present in over 175 countries. It is ...

History

Sanctum was founded in 1997 as Perfecto Technologies, by Eran Reshef and

Gili Raanan Gili Raanan (; born 1969) is an Israeli venture capitalist and former founder of multiple software companies. Raanan started Sanctum in 1997, the company that created the Web application firewall AppShield and the web application penetration t ...

. The company released its first product AppShield in summer of 1999. The company has done an extensive research in

and applying formal methods to real life software in collaboration with

Turing Award The ACM A. M. Turing Award is an annual prize given by the Association for Computing Machinery (ACM) for contributions of lasting and major technical importance to computer science. It is generally recognized as the highest distinction in the fi ...

winner Professor Amir Penueli. Early research in 1996 and 1997 led to the invention, in parallel to other teams, of

CAPTCHA Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) ( ) is a type of challenge–response authentication, challenge–response turing test used in computing to determine whether the user is human in order to de ...

technology, and the application for a US patent for

. In 2000 the company renamed itself to Sanctum. The company was backed by investors

Sequoia Capital Sequoia Capital Operations, LLC is an American venture capital firm headquartered in Menlo Park, California, specializing in seed stage, early stage, and growth stage investments in private companies across technology sectors. the firm had appro ...

Intel Capital Intel Capital Corporation started off as the investment arm of Intel Corporation in 1991 and in January 2025, it spun off as a standalone investment fund. Intel Capital makes equity investments in a range of technology startups and companies off ...

Goldman Sachs The Goldman Sachs Group, Inc. ( ) is an American multinational investment bank and financial services company. Founded in 1869, Goldman Sachs is headquartered in Lower Manhattan in New York City, with regional headquarters in many internationa ...

, DLJ, Walden and Mofet.

Products

The AppShield product was an early

Web application Firewall A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulne ...

. AppShield was conceptualized by

Eran Reshef Eran is an ancient town and archaeological site in the Sagar district of Madhya Pradesh, India. It was one of the ancient mints for Indian dynasties as evidenced by the diverse coins excavated here. The site has 5th and 6th-century Gupta era t ...

and

and was introduced to the market in 1999. AppShield worked by inspecting incoming

HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...

requests and blocking malicious attacks based on a dynamic policy which was composed by analyzing the outgoing

HTML Hypertext Markup Language (HTML) is the standard markup language for documents designed to be displayed in a web browser. It defines the content and structure of web content. It is often assisted by technologies such as Cascading Style Sheets ( ...

pages. A 2002 ZDNet article noted that in the three years following its launch, it had been used by 60

Fortune 100 The ''Fortune'' 500 is an annual list compiled and published by ''Fortune'' magazine that ranks 500 of the largest United States corporations by total revenue for their respective fiscal years. The list includes publicly held companies, along w ...

companies. Watchfire acquired Sanctum in 2004, and subsequently sold the intellectual property for AppShield to

F5 Networks F5, Inc. is an American technology company specializing in application security, multi-cloud management, online fraud prevention, application delivery networking (ADN), application availability and performance, and network security, access, a ...

, which discontinued the product in favor of its competing TrafficShield product. In June 2000 the company introduced AppScan the world's first

Web Security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules an ...

Vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." The understanding of social and environmental vulnerability, as a methodological approach, involves ...

Assessment solution. Among the first clients for AppScan were

Yahoo! Yahoo (, styled yahoo''!'' in its logo) is an American web portal that provides the search engine Yahoo Search and related services including My Yahoo, Yahoo Mail, Yahoo News, Yahoo Finance, Yahoo Sports, y!entertainment, yahoo!life, and its a ...

Bank of America The Bank of America Corporation (Bank of America) (often abbreviated BofA or BoA) is an American multinational investment banking, investment bank and financial services holding company headquartered at the Bank of America Corporate Center in ...

and

AT&T AT&T Inc., an abbreviation for its predecessor's former name, the American Telephone and Telegraph Company, is an American multinational telecommunications holding company headquartered at Whitacre Tower in Downtown Dallas, Texas. It is the w ...

References

{{Authority control 1997 establishments in California 2006 disestablishments in California 2006 mergers and acquisitions American companies established in 1997 American companies disestablished in 2006 Computer companies established in 1997 Computer companies disestablished in 2006 Computer security software companies Defunct computer companies of the United States Defunct networking companies Defunct software companies of the United States IBM acquisitions Networking companies of the United States Networking hardware companies