
Show HN: Tinfoil Security -- Security For Startups. Launching soon - borski
http://www.tinfoilsecurity.com
======
borski
Hi! I'm borski. I'm working on Tinfoil with sbisker and ainsleyb. I've been
doing security for a few years.

One thing I've noticed is that, all too often, smart people build websites
that have major security vulnerabilities; usually, these are easy to fix, but
they'd rather spend their time focusing on building out their product than
worrying about security. As well they should.

Tinfoil allows you to worry about your product, not your security. We provide
automated scans of network and web vulnerabilities with our custom-built
crawler and fuzzer, displaying the results to you in a manner you can
understand. You shouldn't have to be a security expert to understand how to
fix common vulnerabilities and why fixing them is important.

Let us know what you think!

~~~
nyellin
Why did you choose to write your own crawler and fuzzer? Wouldn't it have been
easier to use Wapiti, Nikto, Nessus, and W3af with a lightweight SaaS wrapper
of your own?

~~~
borski
We're doing both, actually. There are some things we're doing that are fairly
unique, but part of the scanning system is in fact wrapping already existing
tools.

It's the unique parts that are custom-built. Finding 0day is hard with the
existing tools. :)

------
tptacek
Really looking forward to what 'borski manages to do with this. This has been
a crazy-making problem for me over the last few years on HN --- we get calls
from lots of very early startups who just can't possibly afford the going rate
for software security work.

------
mweil
Is this for websites only? Or will you be able to work with other types of
products such as desktop (OS X/Windows/Linux) or mobile (iPhone, Win Phone 7,
Android)?

~~~
borski
At the moment, we're only looking at website and network vulnerabilities for
the server hosting the website.

The plan is to eventually expand to other types of products as well, but all
in due time. We particularly have lots of ideas on how to secure mobile apps.
:)

------
beck5
Looks very useful, I have next to no security knowledge past the basics.

What's the business model? Pay first or pay for the solution?

~~~
ainsleyb
At the moment we're looking at a pay-first business model. We will be
tailoring results and recommended solutions to your stack.

