Tinfoil Security

They make website security regular, affordable, and easy. They crawl your site, a bit like Google, but instead of looking for text and HTML they look for common vulnerabilities in your website. They act as external hackers, picking through each access point on your website, trying to get in. If they are successful, they record where and how they did it, then report back to you! Their custom scanner combines the best (hand-picked, and hand stitched together) pieces of popular open source tools, along with other, custom tools built in-house (their "secret sauce") to provide you with the best results. They provide precise vulnerability information, including specific input requests and vulnerability locations. Once you understand what you're dealing with they will provide you with vulnerability fixes tailored toward your specific software stack.



about the company

Founders

Before Tinfoil, Borski was doing offensive software security in the DC area. He studied Computer Science at MIt

Ainsley is the Co-founder and CEO of Tinfoil Security. Having graduated with a double-degree from MIT she has previously done UI/UX design for the Army while doing security and defense consulting at Booz Allen Hamilton. Her research at MIT has caused her to look at the world from a visual perspective, trying to understand how people look at things best. She is Tinfoil’s UX gal and loves understanding the way people think, act, view the world, and purchase security products.

Tinfoil Security in the press

June 10, 2016

Security blindspots: websites, network architects, and third-party code

Borohovski said a lot of companies struggle with network security, web app security, and third party/open source security. Worrying about vulnerabilities from internal users or third-party code, however, is moot if security is not part of the network architecture. Thinking about security, then, must extend beyond the components of the enterprise website and extend out to testing third-party code. "The entire dependency chain with third-party code can become a dangerous proposition and the dependency chains can become quite large," Weber said. Finding issues in both the first- and third-party code is not a singular act.

June 8, 2016

Security blindspots: websites, network architects, and third-party code

But in the era of Big Data, they are also collecting information about voters – with little or no control, consent or security5 cases where big data was a big flop You thought big data is your answer to everything? Worrying about vulnerabilities from internal users or third-party code, however, is moot if security is not part of the network architecture. Thinking about security, then, must extend beyond the components of the enterprise website and extend out to testing third-party code. "The entire dependency chain with third-party code can become a dangerous proposition and the dependency chains can become quite large," Weber said. Finding issues in both the first- and third-party code is not a singular act.

Feb. 27, 2016

Apple's Escalating Privacy Showdown

(Source: Bloomberg) 12:11 - David Bartosiak, strategist at Zacks.com, discusses the rally in the stock market and his options play for Amazon. Options Insight: Is Amazon Past Its Prime? He speaks with Bloomberg's Julie Hyman on "Bloomberg Markets."