Tinfoil Security

They make website security regular, affordable, and easy. They crawl your site, a bit like Google, but instead of looking for text and HTML they look for common vulnerabilities in your website. They act as external hackers, picking through each access point on your website, trying to get in. If they are successful, they record where and how they did it, then report back to you! Their custom scanner combines the best (hand-picked and hand-stitched together) pieces of popular open source tools, along with other, custom tools built in-house (their "secret sauce") to provide you with the best results. They provide precise vulnerability information, including specific input requests and vulnerability locations. Once you understand what you're dealing with, they will provide you with vulnerability fixes tailored toward your specific software stack.

About the company

Ainsley is the Co-founder and CEO of Tinfoil Security. Having graduated with a double degree from MIT, she previously did UI/UX design for the Army while doing security and defense consulting at Booz Allen Hamilton. Her research at MIT has caused her to look at the world from a visual perspective, trying to understand how people look at things best. She is Tinfoil’s UX gal and loves understanding the way people think, act, view the world, and purchase security products.

Before Tinfoil, Borski was doing offensive software security in the DC area. He studied Computer Science at MIT

Tinfoil Security in the press

Feb. 27, 2016

Apple's Escalating Privacy Showdown

(Source: Bloomberg) 12:11 - David Bartosiak, strategist at Zacks.com, discusses the rally in the stock market and his options play for Amazon. Options Insight: Is Amazon Past Its Prime? He speaks with Bloomberg's Julie Hyman on "Bloomberg Markets."

July 9, 2015

Actually, those Chinese hackers put 20 million Americans at risk

The estimated 4 million US citizens whose information was seized by Chinese hackers in this past April's large-scale cyber attack could actually be closer to 20 million. Hackers targeted and seized the full name, birth date, home address and Social Security Number (SSN) of 4.2 million current and former federal government employees. However, reports are surfacing that the number affected by the hack on the US Office of Personnel Management (OPM) could even be closer to 25 million. "We'll be on the lookout for any word from the OPM in the coming days regarding an updated statement on the attacks." At the time of writing, the estimated number of hacked non-applicants hasn't increased, but it very well could.

June 3, 2015

Microsoft's Azure App Service adds web vulnerability scanning from Tinfoil Security

Microsoft today announced that Azure App Service, its cloud service for building websites and mobile apps, now features web vulnerability scanning to ensure that apps are secure as developers build and update them. Interestingly, Tinfoil Security is available in the AWS Marketplace. The new feature, which is available today, comes courtesy of startup Tinfoil Security. “Microsoft Azure App Service chose Tinfoil Security because they are a trusted name in web application security and offer a strong set of services that will help our customers keep their web apps secure,” Microsoft Azure Websites software engineer Nazim Lala wrote in a blog post today on the news. It’s the latest addition to the Microsoft Azure public cloud, which has been steadily growing but remains in the shadow of public cloud market leader Amazon Web Services.

Feb. 19, 2014

500 Startups Demo Day: McClure’s Second Batch Of Startups, Unleashed

We’re in Mountain View at Dave McClure’s 500 Startups HQ where the second-ever 500 Startups Demo Day is about to start. McClure’s 500 Startups primarily invests in early stage startups that focus on the “Three Ds,” design, data and distribution. The incubator invests between $25K to $250K in its portfolio companies; startups that are part of the 500 Startups accelerator program get a $50K investment from the fund at a $1 million valuation and can stay in the 500 Startups offices for around four months. McClure tells me that 500 Startups is primarily looking for startups that have an easily understandable story. McClure tells me that the startups pitching at this Demo Day are unified by a strong international and female founder thread and “attitude” (which is why I cover 500 Startups I guess).

Oct. 7, 2012

5 cloud-native security companies to watch

Virtualization vendors like VMware have their own security offerings, and older security companies are starting to pivot their product positioning towards new kinds of cloud security issues. Tinfoil Security, also launching out of beta in September 2012, is one of the best cloud security examples of the consumerization of IT trend. Netflix is known for building a tool called SecurityMonkey to systematize application security testing and monitoring across its infrastructure. While these cloud-native security startups make headway, big companies are not standing still. Excitingly, there has not yet been a series of security company exits for companies that are truly native to the massive secular cloud and virtualization trends.

Sept. 26, 2012

Tinfoil Security Shows You Where Your Site Is Vulnerable

Braun tells us that Tinfoil Security plans to eventually expand into other forms of security that small and medium businesses need, including mobile, network, and automated social engineering. Launching with investments from Dave McClure, IDG Ventures, RTP Ventures and David Tisch, Tinfoil Security believes the security market is broken, and hopes to fix it with a service that is able to detect exactly where your site is most vulnerable. Today marks the public release of Tinfoil Security’s web application scanner, which not only highlights security issues, but also provides actionable results on how to fix them. Security isn’t exactly the easiest nut to crack, especially for a young startup that is competing with services like Whitehat and McAfee Secure. Still, the founding team of MIT grads touts extensive security experience, and seems to be approaching the ever-growing problem of security with an affordable solution.

May 24, 2012

United Airlines reportedly spills passenger information

"This was something that I ran into completely organically, no shenanigans or security testing on my part (we need approval from a site's owner to run most security testing, and I'm not going to go out and violate wire fraud laws. Sedat suspects the glitch has something to do with that. United, which has acquired Continental Airlines, recently overhauled its system to include new flights and customers. When he logged out and logged back on, the errant information was gone. An engineer for a company that scans websites for security vulnerabilities recently got a new perspective on the dangers of Web application bugs.

Aug. 18, 2011

Comedy and Cash at 500 Startups' Demo Day

The 500 Startups Demo day was many things, and it provided a fascinating glimpse of the Silicon Valley culture of the moment. Term sheets would be signed, fortunes made and lost, but not today, now that Demo Day for Class 001 was over. After Day One of 500 Startups Demo Day, most of the checks had been written, the press had spilled its ink, and the spry entrepreneurs of Class 001 were able to breathe a sigh of relief on Day 2. Demo Day may not have definitively answered the question of whether we’re in a startup bubble, but it came close. The singalong was powered by SINGBOARD, a web-based karaoke tool that is part of Class 001 of the 500 Startups Accelerator.

Aug. 16, 2011

The second batch of companies from 500 Startups' Demo Day

Hybrid incubator and seed fund 500 Startups hosted its second demo day in Mountain View today, where more than 30 companies in the program presented in front of investors and press. Here is a breakdown of the second batch of companies that presented today: ChirpMe: ChirpMe is a match-making site for blind dates. You can see the first batch of startups that presented at the firm’s Demo Day today here. WillCall: WillCall is a mobile application that delivers deals on live shows in a specific area. Snapette: Snapette is a mobile application that lets users browse new and nearby pieces of clothing for sale that are popular.