AppSec's AppDetectivePro Earns Common Criterial Certification

PRESS RELEASE

NEW YORK, May 2, 2011 Application Security, Inc. (AppSec), the leading provider of database security, risk and compliance solutions (SRC) for the enterprise, today announced that AppDetectivePro has earned certification for Common Criteria Evaluation Assurance Level 2 augmented with ALC_FLR.2 and AVA_MSU.1 (EAL 2+). In order to achieve EAL 2+ certification, AppDetectivePro endured a thorough vetting process executed by a third-party evaluation service designed to ensure users of the reliability and trustworthiness of the product.

Common Criteria evaluations involve formal, rigorous analysis and testing to examine security aspects of a product or system. Extensive testing activities confirm that AppSec product design and tested operation conform to standards sanctioned by the International Standards Organization. The certification further ensures that the AppDetectivePro product functions according to specification, and will not introduce security weaknesses or potential vulnerabilities into a customer environment.

“This prestigious and independent validation is a testament to AppSec’s ongoing commitment and dedication to providing our customers in the government and enterprise sectors with the best in class database security solutions,” said Josh Shaul, Chief Technology Officer, AppSec. “Our customers trust us to secure their most sensitive data assets and AppDetectivePro’s Common Criteria certification provides one more layer of assurance that critical business data is in good hands with AppSec.”

With tens of thousands of licenses shipped globally, AppDetectivePro is the de-facto standard for database SRC audits worldwide. AppDetectivePro discovers, examines, reports and proposes fixes for database security vulnerabilities and misconfigurations. The solution provides auditors, IT advisors and internal audit teams with detailed compliance reports and a comprehensive view of an organization's database asset inventory, vulnerability profile, access controls and entitlements to sensitive information.

Common Criteria is an internationally recognized security certification required by the U.S., Canada, France, Germany, Netherlands, U.K. and certain other governments worldwide for departments and agencies seeking to procure commercial products. Common Criteria certification also assures businesses that a product has been certified as meeting a standard measure of security, and can be trusted for use internally or in solutions for customers.

The evaluation was performed by SAIC’s Common Criteria Testing Laboratory (CCTL). SAIC is one of only nine CCTLs approved by the National Information Assurance Partnership that meet U.S. Common Criteria Evaluation and Validation Scheme. These labs conduct IT security evaluations for conformance to the Common Criteria for Information Technology Security Evaluation, International Standard ISO/IEC 15408.

For specific reference information regarding AppDetectivePro’s certification, visit: http://www.niap-ccevs.org/st/vid10257/.

About Common Criteria

The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) established the National Information Assurance Partnership (NIAP) to evaluate IT product conformance to the Common Criteria for Information Technology Security Evaluation, an international standard. The program, officially known as the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) is a partnership between the public and private sectors to help organizations select commercial off-the-shelf information technology (IT) products that meet their security requirements and to help manufacturers of those products gain acceptance in the global marketplace. Twenty-four countries now recognize the Common Criteria as the official third-party evaluation criteria for IT security procedures.

About SAIC

SAIC is a FORTUNE 500' scientific, engineering and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. The company's approximately 43,000 employees serve customers in the U.S. Department of Defense, the intelligence community, the U.S. Department of Homeland Security, other U.S. Government civil agencies and selected commercial markets. Headquartered in McLean, Va., SAIC had annual revenues of $11.1 billion for its fiscal year ended January 31, 2011. For more information, visit www.saic.com.

About Application Security, Inc.

AppSec is a pioneer and leading provider of database security, risk and compliance (SRC) solutions for the enterprise. By providing strategic and scalable software-only solutions – AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise – AppSec supports the database SRC lifecycle for some of the most complex and demanding environments in the world across more than 2,000 commercial and government customers.

Leveraging the world’s most comprehensive database security knowledgebase from the company’s renowned team of threat researchers, TeamSHATTER, AppSec products help customers achieve unprecedented levels of data security from nefarious or accidental activities, while reducing overall risk and helping to ensure continuous regulatory and industry compliance.

For more information, please visit: www.appsecinc.com | www.teamshatter.com