PRESS RELEASE

NEW YORK & SAN FRANCISCO --(Business Wire)-- Apr 20, 2009 RSA Conference Application Security, Inc., the leading provider of database security, risk and compliance solutions for the enterprise, today announced AppDetectivePro 6.0 featuring powerful user rights review capabilities. The AppDetective User Rights Review (URR) module " which can be purchased separately, or as part of the comprehensive AppDetectivePro 6.0 database scanning solution " provides auditors, IT advisors, and consultants with a detailed view of an organization's data ownership, access controls, and rights to sensitive information.

The new offering allows organizations to establish and document compliance with the segregation of duties and controls required by industry and government regulations, and reduces a formerly insurmountable task to a few mouse clicks on an IT advisor's laptop.

In addition to user rights functionality, AppDetectivePro 6.0 includes the following robust functionality:

Cross platform support for all Tier 1 DBMS, including Oracle, Microsoft SQL Server, IBM DB2, Sybase, MySQL, and Lotus Notes/Domino. The industry's most extensive vulnerability knowledgebase, consisting of over 2000 vulnerabilities, over 1400 checks, and over 1000 rules Agent-less database discovery and scanning "Outside-In" Penetration Testing and "Inside-In" Audit Scanning Automated "Fix Script" generation Extensive reporting capabilities "Separation of duties and controls are a mandatory requirement of PCI, SOX, HIPAA, FISMA, and a host of other regulations," said Josh Shaul, vice president, product management, Application Security, Inc. "Prior to AppDetectivePro 6.0 with User Rights Review, responding to these mandates required an excruciating effort and inevitably led to human error. Our solution allows auditors and enterprise organizations to identify all users, their privileges, and how they obtained those privileges through a rapid, and efficient process. What was formerly a near impossible task is now a simple automated procedure."

The knowledgebase that serves as the foundation for AppDetectivePro 6.0 is the industry's largest known collection of database vulnerabilities. The company's threat research group, Team SHATTER, continues to add vulnerability assessment and configuration checks and database audit rules to ensure that AppDetectivePro delivers the industry's highest level of protection - a distinction that has made it the de facto database audit and assessment solution.

"Most organizations struggle to demonstrate access controls around the confidential information that resides in their databases," said Scott Laliberte, a managing director with Protiviti Inc., a global business consulting and internal audit firm. "Today's organizations are experiencing significant increases in the amount of data they're responsible for and the number of individuals that require access. An absence of appropriate data privileges and entitlement can pose a serious threat to large data environments. The automation capabilities of tools like AppDetectivePro can help save time and facilitate the review of access controls to ensure they are appropriate."

For more detailed information on the full capabilities of AppDetectivePro 6.0, please visit: http://www.appsecinc.com/products/appdetective/index.shtml.

About Application Security, Inc.

Application Security, Inc. is the leading provider of cross platform database security, risk and compliance solutions for the enterprise. Application Security, Inc.'s products " AppDetetectivePro and DbProtect " deliver the industry's most comprehensive database security solution and are used around the world in the most demanding environments by over 1,500 customers. The company was named to Inc. Magazine's 2007 (Inc. 500) and 2008 list of America's Fastest Growing Private Companies, and was also named to the 2008 Deloitte Technology Fast 50 by Deloitte & Touche.

For more information, please visit www.appsecinc.com.