Hi! I'm borski. I'm working on Tinfoil with sbisker and ainsleyb. I've been doing security for a few years.
One thing I've noticed is that, all too often, smart people build websites that have major security vulnerabilities; usually, these are easy to fix, but they'd rather spend their time focusing on building out their product than worrying about security. As well they should.
Tinfoil allows you to worry about your product, not your security. We provide automated scans of network and web vulnerabilities with our custom-built crawler and fuzzer, displaying the results to you in a manner you can understand. You shouldn't have to be a security expert to understand how to fix common vulnerabilities and why fixing them is important.
Why did you choose to write your own crawler and fuzzer? Wouldn't it have been easier to use Wapiti, Nikto, Nessus, and W3af with a lightweight SaaS wrapper of your own?
Really looking forward to what 'borski manages to do with this. This has been a crazy-making problem for me over the last few years on HN --- we get calls from lots of very early startups who just can't possibly afford the going rate for software security work.
Is this for websites only? Or will you be able to work with other types of products such as desktop (OS X/Windows/Linux) or mobile (iPhone, Win Phone 7, Android)?
At the moment, we're only looking at website and network vulnerabilities for the server hosting the website.
The plan is to eventually expand to other types of products as well, but all in due time. We particularly have lots of ideas on how to secure mobile apps. :)
borski | 15 years ago
Let us know what you think!
nyellin | 15 years ago
tptacek | 15 years ago
mweil | 15 years ago
borski | 15 years ago
beck5 | 15 years ago
What's the business model? Pay first or pay for the solution?
ainsleyb | 15 years ago