By Michael "Borski" Borohovski - June 03, 2015
Tinfoil Security is proud to announce a brand new partnership with Microsoft Azure, to provide their customers unparallelled web application security for their Azure Web Apps—the first such security solution to be offered on the Azure Marketplace. Microsoft has long been known for making it incredibly easy to build and deploy web applications, but customers always had to go elsewhere to ensure those same applications were safe and secure. Now, with the launch of this exciting partnership, it’s never been easier for you to secure your application. Tinfoil Security is built into your Azure Web Apps management portal, and can be set up with just the click of a button.
Microsoft Azure provides its customers industry-leading protection at the network and data-center level, but previously offered no web application security solutions. Now, with the aid of Tinfoil Security, Microsoft Azure’s customers finally have an easy way to secure their entire software stack.
Starting today, you can secure your Azure Web Apps by continuously scanning them for vulnerabilities. You’ll be scanned for over 60 types of vulnerabilities, including the OWASP Top 10, and we’ll provide detailed instructions on fixing every vulnerability we find.
Furthermore, we’ve added the ability to convert your scan results into ModSecurity rules. ModSecurity is a web application firewall (WAF) that Microsoft Azure includes as part of their Web Apps Service; think of ModSecurity as a layer in front of your application that inspects requests and decides whether or not to block them based on rules you’ve configured. As of today, you can enable our ModSecurity rules to help prevent attacks while you fix each underlying issue we discover. Tinfoil and Azure make this process easy, fast, and consistent.
Tinfoil has always had a great respect for Microsoft and, specifically, for the Azure team. When we first interacted with them back in 2013, we were left with the distinct impression that we shared both vision and goals: an extreme focus on the user experience, an intention to make development easier than ever before, and an understanding that security is a necessary and paramount part of the development process, especially as more and more companies continue to get breached and lose sensitive customer data.
This partnership has been a long time coming. We explored many different routes as we investigated how we could best offer our best-in-breed security and couple it with Azure’s top-notch build and deploy user experience. We’re proud to announce what we genuinely believe is the most valuable solution to Azure and Tinfoil customers alike.
We hope you’re as excited as we are about this exciting new offer for Microsoft Azure customers, so please don’t hesitate to let us know what you think.
Click here to get started on securing your Microsoft Azure Web Apps today.
If you’re not on the Azure platform, or if you want to integrate security deeper into your development and DevOps process, feel free to check out our main product at https://www.tinfoilsecurity.com.
Michael Borohovski is cofounder and CTO at Tinfoil Security. He got his start in security when he was just 13 years old, and has been programming for longer than he can remember. When he's not busy breaking software or building it, he also loves singing, juggling, and magic tricks. Yes, magic tricks.
By Ainsley Braun - September 26, 2012
Every now and again it’s good to take a step back and assess what you’re working on. It’s been a little over a year since my co-founder Borski and I took a step back at our former jobs in the defense and intelligence community -- he doing offensive software security, and I doing security consulting. What we realized then, and what is still true now, is there are more security issues affecting our world than the ones we encountered in our work. Every day, each of us is affected by the lack of good security products as we give away our personal, credit, and other sensitive information to insecure websites. But why?
The security market is broken. We’re stuck in a rut between services that are cheap but provide poor security (if they actually provide security at all), and services that are expensive, but outdated. It’s too simple for a service to spit out unactionable results, forcing you to hire an expensive security consultant, or to acquire a security product, roll it as their own, and call it good for years afterward without a single useful update.
I’m tired of falling in love with a service but having to avoid it because of its security flaws. There is no reason we can’t have a great security option for the small and medium-sized companies at a fraction of the cost, a solution that stays up-to-date on the latest hacks and can scan remotely, on a schedule, with five-minute setup: automated, proactive, integrated and affordable. Security needs to be democratized – accessible to and understandable by the masses.
Today marks our initial product release: a release we hope will be the first step of many in securing your information. We at Tinfoil Security are “ex-offense,” now playing defense. 93% of the hundreds of companies we’ve scanned have had at least one vulnerability. We help them get to zero. In addition to the heavy security experience brought by our team of MIT engineers, ease of use and actionability are our top priority. We respect your time.
Your data is one of your greatest assets. It’s time you have a partner that helps you protect your data, and cares about your security as if it were their own. We’re taking a new leap into the security market, making it efficient and agile.
I hope you join us.
Start a free scan now at https://www.tinfoilsecurity.com.
Co-founder & CEO
“To safeguard a public-facing website against external threats, a business needs two things: a team whose job is keeping up to date on the latest hacks and exploits and the ability to run safety scans randomly, periodically, and from an external location. This is the combination that Tinfoil offers as a service – a strong and growing team of security experts ready to run your site through the security gauntlet. To me, this is ‘peace of mind as a service,’” says Kirill Sheynkman, Senior Managing Director of RTP Ventures. “Much the way most heavy-trafficked global sites didn’t think of going live without first reading their ‘Gomez Report’, no company that opens its web application to the world should ever do so without continuous, external monitoring and safety provided by Tinfoil.”
Ainsley Braun is the co-founder and CEO of Tinfoil Security. She's consistently looking for interesting, innovative ways to improve the way security is currently implemented. She spends a lot of her time thinking about the usability and painpoints of security, and loves talking with Tinfoil's users. She also loves rowing and flying kites.
Tinfoil Security provides the simplest security solution. With Tinfoil Security, your site is routinely monitored and checked for vulnerabilities using a scanner that's constantly updated. Using the same techniques as malicious hackers, we systematically test all the access points, instantly notifying you when there's a threat and giving you step-by-step instructions, tailored to your software stack, to eliminate it. You have a lot to manage; let us manage your website's security.