Tinfoil Security: Delivering more than Security

Most CISO’s at enterprise companies deplore their current security solutions, and are too jaded to deal with third party integrators — especially for scanning web applications. Thankfully, Tinfoil Security has come in to restore your confidence, and make you and your team passionate about tackling cybersecurity again!

Tinfoil Security understands that for large enterprise companies, development teams are hundreds to thousands strong, while security teams are often vastly smaller. Development teams continually test for functional bugs (using unit tests, integration tests, etc.), but due to the complexity and time it can take, there is little to no testing done for cybersecurity related issues.

Tinfoil brings much-needed tools directly into your development process, allowing developers to take on aspects of your cybersecurity without learning new tools or adding burden. Tinfoil’s effortless SaaS cybersecurity solutions protect the hard work of DevOps teams across the companies that use it.

Ainsley Braun, the Co-founder and CEO of Tinfoil Security, states “We have focused on creating the most comprehensive, transparent and usable security products on the market. By focusing on developers, our products have streamlined the security process to provide the first line of security tools that easily integrate into any DevOps or SDLC process.”

The evolving company strategy

During its initial years, Tinfoil was focused exclusively on SMBs, as it was an underserved market that sorely needed help with its application security tooling and processes. As the company grew and gained SMB market share, it discovered that enterprise organizations actually had very similar problems and lacked solutions to bridge the gap between the vastly increased speed of development and the relatively smaller security teams. “We quickly realized that in order to steer Tinfoil Security in the direction of becoming a globally competitive player in this space, we had to switch our focus into the enterprise,” recalls Ainsley.

This strategy led the company into profitability, while still maintaining, supporting, and selling to tens of thousands of customers in the SMB market.

The profitability turnover was in large part due to its ability to adapt and implement an innovative strategy, while leading with an agile sales and operations process within the firm. The company made sure to keep track of and provide superior support to each and every customer, even as they reached tens of thousands customers. Through this constant involvement, Tinfoil designed its product for better UI and UX functionality, making it seamless, integrated, and usable for DevOps and development teams. Security engineers and developers now have a security product they would not want to be without, ensuring the sustainability and growth of Tinfoil Security.

Services that echoes quality

• Web Scanner: Tinfoil checks for over 60 classifications of vulnerabilities, with hundreds to thousands of specific checks for each type, including all of the OWASP Top 10 Web Application Security Risks. Additionally, they are always adding more as new zeroday vulnerabilities are discovered. The company scans each time a new version of its clients’ site is deployed, and can also log into any website, including SAML / Single Sign-On authenticated sites. Its patent-pending Login Recorder (available as a simple Google Chrome extension) allows companies to teach the Tinfoil Security scanner how to authenticate into their applications by recording their login sequence. Tinfoil constantly updates in real-time, so customers can be confident that their applications are being protected against the latest threats. The platform regularly incorporates new tests, and consistently scores higher than any other scanner on open-source benchmarks.

• API SCANNER: The Tinfoil Security API Scanner is able to detect vulnerabilities in any API, including web-connected devices such as mobile backend servers, IoT devices, as well as any RESTful APIs. The few tools that are currently available lack coverage depth in API security, or are focused on acting as a firewall or unintelligent fuzzer. Vulnerabilities focused on authorization and access control concerns, or even web-like vulnerabilities, like XSS, manifest in different ways and with different exploitation vectors than they do for web applications. The security concerns for an API are fundamentally different from those for web applications. Tinfoil’s API scanner has been built, from the ground up, to focus on APIs specifically, rather than jury-rigging a web application scanner to be able to handle APIs half-well.

A transparent process

Unlike Tinfoil’s competitors, the company is completely transparent in its process. The Tinfoil dashboard shows you real-time scan activity and updates, while outlining expert recommendations to the clients’ DevOps team for implementation using their current CI systems or issue trackers (i.e. JIRA, Jenkins). To make the vulnerability fixing process even simpler, Tinfoil also produces single-click replay attacks and single-click rescans, allowing developers to not only see the exploit live but know when they’ve fixed it within a minute, rather than waiting hours or days for a full new scan. This ensures the right developer can get the vulnerabilities fixed before they hit the public. Tinfoil’s security tools empower developers to build with security in mind and fix issues in real time, leaving the security team to focus on the bigger picture of their organization’s needs. The dynamic heuristic testing of Tinfoil allows it to find more web application vulnerabilities than anyone else, with fewer false positives.

Experience coupled with vision

Since the launch of Tinfoil Security in 2011 the company has provided security to tens of thousands of customers, ranging in size from SMBs to the top Fortune 100. As CEO of the company, Ainsley makes sure to instill a company culture that prides itself on its community and giving back.

Ainsley realized that she wanted to be a leader and an innovator in the cybersecurity industry during her time consulting with Booz Allen Hamilton, where she worked upon graduating from MIT. As a member of their Strategic Technology and Innovation division, she worked largely with the United States Department of Defense (DoD) clients. It was here where she realized the vast number and variety of vulnerabilities facing the majority of the SMB market and, unexpectedly, how many of the same security risks extended to large enterprise companies.

This led her to team up with fellow MIT alumnus Michael Borohovski to build Tinfoil Security. Ainsley is also a member of the Silicon Valley Leadership Group (SVLG), which represents more than 400 of Silicon Valley’s most respected employers on issues, programs, and campaigns that affect the economic health and quality of life in Silicon Valley. She is a Board Member on the council for Women in Cybersecurity at California Technology Council (CTC) working on initiatives to help educate and attract more women into the industry. Additionally, she mentors StartX teams as a Neighborhood Lead, sits on the Female Founders Board as a Member, and is part of their Selection Committee.

A continuous zeal to improve and succeed

Tinfoil Security builds cybersecurity solutions that empower DevOps teams. With the most comprehensive and usable security products on the market, Tinfoil streamlines your security needs with tools that easily integrate into any DevOps process or SDLC. The DevOps teams become the critical first line of defense, increasing bandwidth for security teams to prioritize and enhance more strategic security initiatives.

Tinfoil Security works to continuously improve the state for the industry’s tools in combating attackers around the world. Tinfoil Security’s vision is to empower Developers and DevOps teams with full and continuous cybersecurity integration, on any workflow system.