Watchfire will buy Web app testing company Sanctum for an undisclosed amount, it revealed yesterday.

The business management software company will add Sanctum's technology for spotting vulnerabilities in Web applications to its WebXM enterprise management platform, which allows customers to track Web application compliance with security policies and regulations.

Watchfire bought Sanctum's products and intellectual property in the deal, including the AppScan Web application testing software and AppShield application firewall. Watchfire, with 190 employees, will take on more than 75 Sanctum employees, including a research and development hub in Israel, which will be added to Watchfire's other development center in Canada, said the company's founder and chairman, Mike Weider.

Some employees will lose their jobs, although Watchfire plans to maintain "some presence" at Sanctum's former headquarters.

A WebXM version with the AppScan technology should be released by November. The merged product will give executives a dashboard, or centralised console. Top-down reviews by management will put more pressure on developers to focus on security, compared with developer-controlled and developer-initiated security scanning tools, Weider said. "The way security assessments are done now at the development level, there's no way to know, across an enterprise, how a company is doing at a point in time. If a developer chooses not to use scanning tools, then vulnerabilities can sneak into the development environment."

Sanctum's AppScan and AppShield products will retain their names and continue to be sold separately. AppScan will also be turned into a module for WebXM that can be used to crawl over product Web applications and feed vulnerability information back to the WebXM dashboard.

The two similar-sized companies already compete in some areas and share some customers, especially in the financial services industry. However, Weider claimed the integrated development will compensate for the overlap. The acquisition of Sanctum is expected to close within 30 days, Weider said.