Synopsys acquires Tinfoil Security, DAST and API testing solutions provider

Today, Synopsys completed the acquisition of Tinfoil Security, an innovative provider of dynamic application security testing (DAST) and application programming interface (API) testing. This acquisition tightly aligns with the vision Synopsys began with when we established the Software Integrity Group over five years ago. Tinfoil’s solutions will broaden what is already the most comprehensive portfolio in the market and will strengthen the Polaris Software Integrity Platform™.

DAST is a staple of modern application security testing programs, and Synopsys has a distinguished history of delivering DAST via Security Testing Services. The next logical step to extend our capabilities is to bring in Tinfoil’s proven DAST tool, which readily integrates into DevOps workflows and empowers developers to engage in application security.

API security testing is a relatively new addition to security testing programs, and Tinfoil Security is an innovator in this emerging area. The Tinfoil API Scanner detects vulnerabilities in APIs, including those on mobile back-end servers and IoT devices, as well as RESTful APIs. This testing capability, built with the developer in mind, fits seamlessly into existing development processes.

Synopsys has been building a comprehensive, end-to-end portfolio for software security and quality, and the Tinfoil Security acquisition is an important step. With the addition of Tinfoil’s products, the Polaris platform will provide organizations all the tools they need to build secure, high-quality software, plus the integrations to do it faster.

The updated Synopsys Software Integrity portfolio features solutions with these capabilities:

• Static application security testing (SAST) to address security and quality defects with our proven solution for static code analysis.
• Software composition analysis (SCA) to identify vulnerabilities and license compliance issues in open source software, including a unique capability for testing binaries.
• Interactive application security testing (IAST) with active verification and sensitive-data tracking for web-based applications—an industry first.
• Comprehensive, automated black box fuzzing to discover security weaknesses in software, with more than 250 network protocols and file formats supported.
• Next-generation DAST to identify security vulnerabilities in web applications.
• API testing to test the RESTful APIs used to build web applications leveraging microservice architectures.

We’re excited to have the Tinfoil team join Synopsys, and we extend them a warm welcome. We also welcome Tinfoil Security customers and look forward to supporting their continued success.