Bring security to your developers.

We work toward integrating and automating your security needs. Deployment and development have become more agile, and Tinfoil makes adjusting to that agile world easier.


Our enterprise offerings include access to a multitude of tools to help you integrate security into your DevOps process.

On the security side, we have many ways we scan each of your websites. We can log into any website and are one of the only scanners that can scan applications that require SAML (Single Sign-On) authentication. If you have internal applications not exposed to the internet, we can scan those too, either via our security reverse tunnel or an internal fully-managed virtual appliance.

Our DevOps integrations include an easy-to-use API that hooks our scanner into your current security or CI systems, with a first-party plugin for Jenkins. Seamless integrations with JIRA and other issue trackers will ensure the right developer gets vulnerabilities fixed before they hit the public. To make the vulnerability-fixing process even simpler, we also produce single-click replay attacks and single-click rescans, allowing developers to not only see the exploit live, but know when they've fixed it within a minute, rather than waiting hours for a full new scan.


Giving security to developers and DevOps teams


Tinfoil simplifies the security process, bringing security into DevOps teams. Development teams are hundreds to thousands strong, while security teams are vastly smaller. These development teams have tests for functional bugs (unit tests, integration tests, etc.), but there is little or no testing of security issues. We bring security tools into this process without adding any new burden or platforms to learn.


Whether integrating our API into a system or viewing vulnerability data on our website, you'll find no hangups and no jargon because our mission is to simplify the vulnerability reporting and fixing process. We'll give you how-to-fix instructions complete with code snippets, tailored to the language you wrote your application in. Any engineer can effortlessly find and fix the root cause of a vulnerability, regardless of their prior security experience. Integrations allow us to fit right into the developer's workflow, so we never break them out of the builder's mindset.


Our dynamic heuristic testing allows us to find more web application vulnerabilities than anyone else, with fewer false positives. We regularly incorporate new tests and always score higher than any other scanner on industry-standard benchmarks. To see the most recently published results, check out "We're the only scanner tested to have found every vulnerability."


Who is Tinfoil?


Tinfoil Security was founded by two MIT-trained defense and intelligence contractors working in offensive software security.

We're a team of MIT and intelligence community alumni with extensive backgrounds in security across many organizations. We focus on creating simple, usable security products and providing the best security on the market. We streamline the security process and focus on developers, providing the first line of security tools that easily integrate into the DevOps process and SDLC.

Tinfoil founders

What's next in the Tinfoil lab?


We're always working on new ways to incorporate easy-to-use security tools into the SDLC. If you're interested in getting updates or becoming a beta tester for our new projects, email


Mobile API scanning - currently in pre-release testing with select customers.

Customer-provided modules - email us if interested!