Contact us: info@tenendo.com
Avoiding XSS injection vulnerabilities
In this section, we'll describe some general principles for preventing cross-site scripting vulnerabilities and ways of using various common technolog…
Avoiding OS command injection
Every command call and dynamic code generation method is a ticking bomb and must be handled accordingly.
Cloud Infrastructure Audit and Performance testing case
The main goal of the Technical Audit from a customer request was to understand if the system is scalable or not and provide guidance for improvements.
PCI DSS segmentation testing case
The team created several hardware connect-back appliances and used it in a PCI DSS segmentation testing.
Payment processing API penetration testing
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This informat…
Client-Bank application compromise
This case is a very good example why manual penetration tests are valuable - the team achieved compromise without administrator access to the applicat…
Internal Adversary Simulation case study
Do you want to know how your organisation will fare against an internal attack? Look no further than Tenendo's Internal Adversary Simulation.
Internal Adversary Simulation Case
The adversary simulation activity helped the client identify and remediate multiple issues with the on-premise infrastructure and vulnerabilities, cal…
Azure Active Directory compromise
The Azure penetration test helped the client identify and remediate multiple issues and misconfigurations, harden their infrastructure and calculate p…
EDR product’s effectiveness evaluation case
Evaluating EDR Product against Threat Actors: Uncovering Limitations and Collaboration for Enhanced Detection of Multiple Killchains.