Synopsys Buys Application Security Testing Vendor Tinfoil Security

Tinfoil Security’s web scanning tool identifies vulnerabilities on web applications and is tightly integrated with DevOps workflows, while its API Scanner focused on detecting vulnerabilities in APIs.

Synopsys has purchased emerging vendor Tinfoil Security to better integrate dynamic application security testing into development and DevOps workflows.

The Irvine, Calif.-based software giant said the acquisition of Mountain View, Calif.-based Tinfoil Security will address an emerging need in the market around Application Program Interface (API) scanning technology and further differentiate the Synopsys portfolio.

"Through the acquisition of Tinfoil Security, Synopsys is expanding its DAST [dynamic application security testing] capabilities and adding API security testing capabilities, extending the most comprehensive portfolio of application security and quality testing solutions and further strengthening our technology leadership," Andreas Kuehlmann, co-general manager of the Synopsys Software Integrity Group, said in a statement.

[Related: 10 Hottest DevSecOps Tools You Need To Know About]

Terms of the deal, which was announced Tuesday afternoon, weren’t immediately disclosed, though Synopsys said the transaction wouldn’t be material to its finances. Synopsys’ stock remained unchanged at $148.67 in after-hours trading Tuesday.

Tinfoil Security was founded in 2011, employs 15 people, and has raised $100,000 in outside funding, according to LinkedIn and Crunchbase. The company’s signature web scanning tool identifies vulnerabilities on web applications and is tightly integrated with DevOps workflows, according to Synopsys.

"We're thrilled to be joining the Synopsys Software Integrity Group and excited about what this acquisition means for our team, our technology, and our customers," Tinfoil Security Co-Founder and CEO Ainsley Braun said in a statement. "As part of the Synopsys portfolio, we're in a stronger position to help developers and IT security professionals build secure solutions for their organizations."

Tinfoil Security also offers an API Scanner focused on detecting vulnerabilities in APIs, Synopsys said. This includes web-connected devices such as mobile backend servers, IoT devices, as well as any RESTful APIs, according to the company.

Eliminating exploitable vulnerabilities makes it more difficult for attackers to gain access to applications and systems exposed via APIs, Gartner said in a July 2019 report. And since APIs are a significant emerging attack vector, Gartner found that security testing can help avoid the tangible and intangible costs associated with breaches and other types of security incidents.

The Tinfoil Security acquisitions comes just five months after Synopsys purchased automotive software simulation, tool testing and services vendor QTronic. All told, Synopsys has made 75 acquisitions since being founded 34 years ago, according to Crunchbase.

For the most recent fiscal year, which ended Oct. 31, sales for Synopsys climbed to $3.36 billion, up 7.7 percent from $3.12 billion the year prior. And net income for the fiscal year skyrocketed to $532.4 million, or $3.45 per diluted share, up 23.1 percent from $432.5 million, or $2.82 per diluted share.