Contact us: info@tenendo.com
Obtain secrets from different sources
Obtain secrets from storage buckets, static landing pages and other static content with examples
Git secret leaks
Secure secrets management in git from the offensive point of view. With examples and demo scripts.
Bash/zsh scripts. Part 3
Secure secrets management in Docker containers from the offensive point of view. Secrets in bash/zsh scripts. Secrets in logs.
Secure secrets management in Docker containers. Part 2
Secure secrets management in Docker containers from the offensive point of view. Secrets in memory. Secrets in build arguments
Secure secrets management in Docker containers. Part 1
Secure secrets management in Docker containers from the offensive point of view. With examples and demo scripts.
JNDI injection
Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and objects via a name.
JNDI injection. Log4Shell case study
On December 10, 2021, Apache released a fix for CVE-2021-44228, a critical RCE vulnerability affecting Log4j that is being exploited in the wild.
JNDI injection. JDBC
Preventing JNDI injection vulnerabilities by using a source code review is always a good idea.
Insecure deserialization
Insecure deserialization is when user-controllable data is deserialised by a website. This potentially enables an attacker to manipulate serialised ob…
Input processing vulnerabilities
Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing w…