About security testing:

Payment processing API penetration testing
Tenendo specialists discovered an unattended staging environment and leveraged its vulnerabilities for sensitive information disclosure. This information was later reused in an attack against the main application, that allowed us access to the payment API on behalf of other customers of our Client.

Social engineering
During this social engineering engagement, it was possible to achieve persistent internal access, exfiltrate confidential and personal information, and compromise the internal segmented infrastructure.

PCI DSS segmentation testing case
The team created several hardware connect-back appliances and used it in a PCI DSS segmentation testing.