With the growing attachment to digital innovations and the never-ending connectivity between work and personal lives, our world has become filled with data and riddled with vulnerabilities. As a result, cybercrime is rising at an alarming rate and businesses have become extremely vulnerable to cybersecurity threats.
Headquartered in California, US, Tinfoil Security provides security tools for developers and DevOps teams. They integrate into your current development workflow, empowering developers to find and fix vulnerabilities as a part of their normal development process. Their goal is to increase bandwidth for your security teams while training developers to code more securely and treat vulnerabilities as normal bugs. Whether you’re building web applications or APIs powering mobile backend servers, IoT devices, and web services, they have a dynamic vulnerability scanner that’s right for you and your team.
The company’s enterprise offerings include access to a multitude of tools that help integrate security into the DevOps process. They can scan any internal application, either via a secure tunnel or a fully-managed virtual appliance. Tinfoil Security’s DevOps integrations include an easy-to-use API that hooks their scanner into the secure development life cycle (SDLC) or your continuous integration (CI) systems, including a first-party plugin for Jenkins. With tailored results and seamless integrations with JIRA (and other issue trackers), developers are empowered to fix vulnerabilities before they hit the public. To make the vulnerability fixing process even simpler, Tinfoil Security also features single-click replay attacks and immediate rescans. This allows developers to not only see the attack live, but also to verify remediations within minutes of being applied, instead of waiting hours for a full new scan.
The Visionary Duo of Founders
Ainsley Braun, the CEO and Cofounder of Tinfoil Security, makes sure to instill a company culture that prides itself on community and giving back. After graduating from MIT, she joined Booz Allen Hamilton as a cybersecurity consultant, and quickly became known as a leader within the industry. Ainsley teamed up with fellow MIT alumnus Michael Borohovski and started Tinfoil Security, Inc. Apart from being a member of the Silicon Valley Leadership Group (SVLG), she is also a Board Member on the Council for Women in Cybersecurity, as part of the California Technology Council (CTC). Ainsley regularly mentors startups from communities such as StartX, 500 Startups, and the Plug and Play Tech Center.
As CTO, Michael’s technical abilities have helped Tinfoil Security to create a superior range of products that lie on the cutting edge of today’s cybersecurity needs. Before founding Tinfoil Security and upon graduating from MIT, Michael worked in offensive software security for ManTech, a company that provides innovative technologies and solutions for mission-critical national security programs for the Intelligence Community; the Departments of Defense, State, Homeland Security, Health and Human Services, Veterans Affairs and Justice, and also the Federal Bureau of Investigation (FBI); the space community; and other U.S. government customers.
Strategies that improve the IoT journey
Tinfoil Security currently offers two products, mentioned below:
Web Scanner: Most CISOs at enterprise companies deplore their current security solutions, or are just too jaded to even deal with third-party integrations, especially for scanning web applications. With their web scanner, Tinfoil Security checks for over 80 classifications of vulnerabilities, including all of the OWASP Top 10 Web Application Security Risks, and is always adding support for more as new zero-day vulnerabilities are discovered. This web scanner can scan each time a new version of a site is deployed, and can also log into any website, including SAML / Single Sign-On authenticated sites. The company also has its patent-pending Login Recorder (available as a Google Chrome extension) that allows the user to teach the Tinfoil Security scanner how to authenticate into the site by recording their login sequence. Constant, real-time updates make the user confident that their site is being protected against the latest threats.
API Scanner: The Tinfoil Security API Scanner boasts the ability to detect vulnerabilities in any API, including web-connected devices such as mobile backend servers, IoT devices, as well as any RESTful APIs. The few competing tools that are currently available lack coverage depth, or are focused on acting as a firewall or unintelligent fuzzer. Vulnerabilities focused on authorization and access control concerns, or even web-like vulnerabilities, like XSS, manifest in different ways and with different exploitation vectors than they do for web applications, and the Tinfoil Security API Scanner is aware of these differences, and explicitly targets them.
Security for DevOps
Tinfoil Security provides security tools for developers and DevOps teams. We integrate into your current development workflow, empowering developers to find and fix vulnerabilities as a part of their normal development process. Our goal is to increase bandwidth for your security teams while training developers to code more securely and treat vulnerabilities as normal bugs. Whether you’re building web applications or APIs powering mobile backend servers, IoT devices, and web services, we have a dynamic vulnerability scanner that’s right for you and your team. Tinfoil’s security tools empower developers to build with security in mind and fix issues in real-time, leaving the security team to focus on the bigger picture of your organization’s needs.
Focus on Enterprise
In the initial years, Tinfoil focused exclusively on SMBs, as they made up an underserved market that sorely needed help with their application security tooling and process. As the company grew and gained SMB market share, it discovered that enterprise organizations actually had very similar problems and lacked solutions to bridge the gap between their large development teams and their vastly smaller security teams. This made them realize that, in order to steer Tinfoil Security in the direction of becoming a globally competitive player in this space, the primary focus should be turned towards enterprise. This strategy has led the company well into profitability, while maintaining, supporting, and selling to tens of thousands of customers in the SMB market.
Tinfoil Security just launched their API Scanner in March 2018 and they plan to continuously improve the state of the industry’s tools in combating attackers around the world.